From bd58c226ef22cb6613b04bd240a02565c12e59d6 Mon Sep 17 00:00:00 2001
From: Shion Ichikawa <shion1305@gmail.com>
Date: Sat, 16 Mar 2024 09:15:15 +0900
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Origin=20->=20Referer=20in=20mid?=
 =?UTF-8?q?dleware/cors?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 svc/pkg/middleware/cors.go | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/svc/pkg/middleware/cors.go b/svc/pkg/middleware/cors.go
index ac48519..ed9e560 100644
--- a/svc/pkg/middleware/cors.go
+++ b/svc/pkg/middleware/cors.go
@@ -22,18 +22,16 @@ func (cr CORS) ConfigureCORS(rg *gin.RouterGroup) {
 }
 
 func (cr CORS) middleware() gin.HandlerFunc {
-	allowedOrigins := []string{cr.targetHost, "http://localhost:3000", "https://localhost:3001"}
+	allowedOrigins := []string{cr.targetHost, "http://localhost:3000"}
 	return func(c *gin.Context) {
-		origin := c.Request.Header.Get("Origin")
-
-		var allowedOrigin string
+		referer := c.Request.Header.Get("Referer")
+		allowedOrigin := ""
 		for _, o := range allowedOrigins {
-			if origin == o {
-				allowedOrigin = o
+			if referer == o || referer == o+"/" {
+				allowedOrigin = referer
 				break
 			}
 		}
-
 		c.Header("Access-Control-Allow-Origin", allowedOrigin)
 		c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
 		c.Header("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, Authorization")