From f2fe0e3137e4d906697645f53ae537d5c881750c Mon Sep 17 00:00:00 2001
From: Marcos Lilljedahl <marcosnils@gmail.com>
Date: Fri, 13 Jan 2017 20:39:44 -0300
Subject: [PATCH] Configure CORS correctly

---
 api.go                  | 14 +++++---------
 handlers/new_session.go |  2 +-
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/api.go b/api.go
index 743a9c8..f819c13 100644
--- a/api.go
+++ b/api.go
@@ -14,9 +14,9 @@ import (
 	"github.com/franela/play-with-docker/handlers"
 	"github.com/franela/play-with-docker/services"
 	"github.com/franela/play-with-docker/templates"
+	gh "github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
-	"github.com/rs/cors"
 	"github.com/urfave/negroni"
 )
 
@@ -41,10 +41,6 @@ func main() {
 	}
 
 	r := mux.NewRouter()
-	c := cors.New(cors.Options{
-		AllowedOrigins:   []string{"*"},
-		AllowCredentials: true,
-	})
 
 	// Reverse proxy (needs to be the first route, to make sure it is the first thing we check)
 	proxyHandler := handlers.NewMultipleHostReverseProxy()
@@ -54,7 +50,7 @@ func main() {
 	r.Host(`{node:ip[0-9]{1,3}_[0-9]{1,3}_[0-9]{1,3}_[0-9]{1,3}}.{tld:.*}`).Handler(proxyHandler)
 	r.HandleFunc("/ping", handlers.Ping).Methods("GET")
 	r.HandleFunc("/sessions/{sessionId}", handlers.GetSession).Methods("GET")
-	r.Handle("/sessions/{sessionId}/instances", c.Handler(http.HandlerFunc(handlers.NewInstance))).Methods("POST")
+	r.Handle("/sessions/{sessionId}/instances", http.HandlerFunc(handlers.NewInstance)).Methods("POST")
 	r.HandleFunc("/sessions/{sessionId}/instances/{instanceName}", handlers.DeleteInstance).Methods("DELETE")
 	r.HandleFunc("/sessions/{sessionId}/instances/{instanceName}/keys", handlers.SetKeys).Methods("POST")
 
@@ -71,7 +67,7 @@ func main() {
 		http.ServeFile(rw, r, "www/sdk.js")
 	})
 
-	r.Handle("/sessions/{sessionId}/ws/", c.Handler(server))
+	r.Handle("/sessions/{sessionId}/ws/", server)
 	r.Handle("/metrics", promhttp.Handler())
 
 	// Generic routes
@@ -87,14 +83,14 @@ func main() {
 		}
 	}).Methods("GET")
 
-	r.Handle("/", c.Handler(http.HandlerFunc(handlers.NewSession))).Methods("POST")
+	r.HandleFunc("/", handlers.NewSession).Methods("POST")
 
 	n := negroni.Classic()
 	n.UseHandler(r)
 
 	go func() {
 		log.Println("Listening on port " + strconv.Itoa(portNumber))
-		log.Fatal(http.ListenAndServe("0.0.0.0:"+strconv.Itoa(portNumber), n))
+		log.Fatal(http.ListenAndServe("0.0.0.0:"+strconv.Itoa(portNumber), gh.CORS(gh.AllowCredentials(), gh.AllowedHeaders([]string{"x-requested-with"}), gh.AllowedOrigins([]string{"*"}))(n)))
 	}()
 
 	ssl := mux.NewRouter()
diff --git a/handlers/new_session.go b/handlers/new_session.go
index 9ced56f..e0e8cd0 100644
--- a/handlers/new_session.go
+++ b/handlers/new_session.go
@@ -22,7 +22,7 @@ func NewSession(rw http.ResponseWriter, req *http.Request) {
 		//TODO: Return some error code
 	} else {
 		// If request is not a form, return sessionId in the body
-		if req.Header.Get("Content-Type") != "application/x-www-form-urlencoded" {
+		if req.Header.Get("X-Requested-With") == "XMLHttpRequest" {
 			rw.Write([]byte(s.Id))
 			return
 		}