From c79f5941c7b6251d0965d74699faf14e87492c45 Mon Sep 17 00:00:00 2001
From: Matthew Dillon <mrdillon@alaska.edu>
Date: Tue, 27 Jan 2015 16:36:12 -0900
Subject: [PATCH] Setup CORS

---
 bactdb.go | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/bactdb.go b/bactdb.go
index 00a3c7f..56946fd 100644
--- a/bactdb.go
+++ b/bactdb.go
@@ -5,6 +5,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"strings"
 
 	"github.com/codegangsta/cli"
 	"github.com/thermokarst/bactdb/api"
@@ -61,7 +62,7 @@ func cmdServe(c *cli.Context) {
 	}
 
 	m := http.NewServeMux()
-	m.Handle("/api/", http.StripPrefix("/api", api.Handler()))
+	m.Handle("/api/", http.StripPrefix("/api", corsHandler(api.Handler())))
 	log.Print("Listening on ", httpAddr)
 	err = http.ListenAndServe(httpAddr, m)
 	if err != nil {
@@ -79,3 +80,22 @@ func cmdCreateDB(c *cli.Context) {
 	}
 	datastore.Create(migrationsPath)
 }
+
+func corsHandler(h http.Handler) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		domains := os.Getenv("DOMAINS")
+		allowedDomains := strings.Split(domains, ",")
+		if origin := r.Header.Get("Origin"); origin != "" {
+			for _, s := range allowedDomains {
+				if s == origin {
+					w.Header().Set("Access-Control-Allow-Origin", origin)
+					w.Header().Set("Access-Control-Allow-Headers", r.Header.Get("Access-Control-Request-Headers"))
+					w.Header().Set("Access-Control-Allow-Methods", r.Header.Get("Access-Control-Request-Method"))
+				}
+			}
+		}
+		if r.Method != "OPTIONS" {
+			h.ServeHTTP(w, r)
+		}
+	}
+}