GH-181: Added Access-Control-Allow-Credentials header in response to …

…HTTP requests
resgateio · Feb 3, 2021 · f27b6bb · f27b6bb
1 parent 8ad9435
commit f27b6bb
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/server/apiHandler.go b/server/apiHandler.go
@@ -30,6 +30,9 @@ func (s *Service) initAPIHandler() error {
 // setCommonHeaders sets common headers such as Access-Control-*.
 // It returns error if the origin header does not match any allowed origin.
 func (s *Service) setCommonHeaders(w http.ResponseWriter, r *http.Request) error {
+	if s.cfg.HeaderAuth != nil {
+		w.Header().Set("Access-Control-Allow-Credentials", "true")
+	}
 	if s.cfg.allowOrigin[0] == "*" {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 		return nil

diff --git a/server/wsConn.go b/server/wsConn.go
@@ -49,10 +49,8 @@ func (s *Service) newWSConn(ws *websocket.Conn, request *http.Request, protocol
 		return nil
 	}
 
-	cid := xid.New()
-
 	conn := &wsConn{
-		cid:         cid.String(),
+		cid:         xid.New().String(),
 		ws:          ws,
 		request:     request,
 		serv:        s,