fix empty response body when allowedOrigins is set

launchdarkly · Apr 29, 2022 · 5933dec · 5933dec
1 parent a231ae2
commit 5933dec
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/internal/core/middleware/middleware.go b/internal/core/middleware/middleware.go
@@ -129,14 +129,15 @@ func CORS(next http.Handler) http.Handler {
 			headers = corsContext.AllowedHeaders()
 		}
 		if len(domains) > 0 {
+			domain := domains[0]
 			for _, d := range domains {
 				if r.Header.Get("Origin") == d {
-					browser.SetCORSHeaders(w, d, headers)
-					return
+					domain = d
+					break
 				}
 			}
 			// Not a valid origin, set allowed origin to any allowed origin
-			browser.SetCORSHeaders(w, domains[0], headers)
+			browser.SetCORSHeaders(w, domain, headers)
 		} else {
 			origin := browser.DefaultAllowedOrigin
 			if r.Header.Get("Origin") != "" {