2017-04-12 08:27:57 -04:00
|
|
|
// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
|
2017-03-28 04:58:19 -04:00
|
|
|
// See License.txt for license information.
|
|
|
|
|
|
|
|
|
|
package utils
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"net/http"
|
2017-04-20 09:55:02 -04:00
|
|
|
"net/url"
|
2017-03-28 04:58:19 -04:00
|
|
|
"strings"
|
2017-04-20 09:55:02 -04:00
|
|
|
|
2017-09-06 23:05:10 -07:00
|
|
|
"github.com/mattermost/mattermost-server/model"
|
2017-03-28 04:58:19 -04:00
|
|
|
)
|
|
|
|
|
|
2017-11-22 15:58:03 -06:00
|
|
|
func CheckOrigin(r *http.Request, allowedOrigins string) bool {
|
2017-03-28 04:58:19 -04:00
|
|
|
origin := r.Header.Get("Origin")
|
2017-11-22 15:58:03 -06:00
|
|
|
if allowedOrigins == "*" {
|
2017-07-13 14:02:33 -07:00
|
|
|
return true
|
|
|
|
|
}
|
2017-11-22 15:58:03 -06:00
|
|
|
for _, allowed := range strings.Split(allowedOrigins, " ") {
|
2017-07-13 14:02:33 -07:00
|
|
|
if allowed == origin {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
2017-03-28 04:58:19 -04:00
|
|
|
}
|
|
|
|
|
|
2017-11-22 15:58:03 -06:00
|
|
|
func OriginChecker(allowedOrigins string) func(*http.Request) bool {
|
|
|
|
|
return func(r *http.Request) bool {
|
|
|
|
|
return CheckOrigin(r, allowedOrigins)
|
2017-03-28 04:58:19 -04:00
|
|
|
}
|
|
|
|
|
}
|
2017-04-20 09:55:02 -04:00
|
|
|
|
|
|
|
|
func RenderWebError(err *model.AppError, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
message := err.Message
|
|
|
|
|
details := err.DetailedError
|
|
|
|
|
|
|
|
|
|
status := http.StatusTemporaryRedirect
|
|
|
|
|
if err.StatusCode != http.StatusInternalServerError {
|
|
|
|
|
status = err.StatusCode
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
http.Redirect(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
2017-09-05 17:40:35 -04:00
|
|
|
"/error?message="+url.QueryEscape(message)+
|
|
|
|
|
"&details="+url.QueryEscape(details),
|
2017-04-20 09:55:02 -04:00
|
|
|
status)
|
|
|
|
|
}
|
