diff --git a/go.mod b/go.mod index d1e1e9e..eb82e6c 100644 --- a/go.mod +++ b/go.mod @@ -14,6 +14,7 @@ require ( github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 github.com/rabbitmq/amqp091-go v1.9.0 github.com/robfig/cron/v3 v3.0.1 + github.com/rs/cors v1.11.1 github.com/spf13/viper v1.18.2 github.com/swaggo/swag v1.16.3 github.com/unrolled/secure v1.14.0 @@ -224,7 +225,6 @@ require ( github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/pelletier/go-toml/v2 v2.2.0 // indirect github.com/prometheus/client_golang v1.19.0 - github.com/rs/cors v1.10.1 github.com/rs/zerolog v1.32.0 github.com/sagikazarmark/locafero v0.4.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect @@ -238,7 +238,7 @@ require ( github.com/swaggo/http-swagger v1.3.4 go.mongodb.org/mongo-driver v1.14.0 go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0 // indirect + golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0 golang.org/x/sys v0.20.0 // indirect golang.org/x/text v0.15.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index 68d8e55..bf703e2 100644 --- a/go.sum +++ b/go.sum @@ -1009,8 +1009,8 @@ github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/f github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= -github.com/rs/cors v1.10.1 h1:L0uuZVXIKlI1SShY2nhFfo44TYvDPQ1w4oFkUJNfhyo= -github.com/rs/cors v1.10.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= +github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA= +github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.32.0 h1:keLypqrlIjaFsbmJOBdB/qvyF8KEtCWHwobLp5l/mQ0= github.com/rs/zerolog v1.32.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= diff --git a/tests/integration_test/healthcheck_test.go b/tests/integration_test/healthcheck_test.go index 105d130..09ff4ec 100644 --- a/tests/integration_test/healthcheck_test.go +++ b/tests/integration_test/healthcheck_test.go @@ -81,12 +81,11 @@ func TestOptionsRequest(t *testing.T) { req, err := http.NewRequest("OPTIONS", url, nil) assert.NoError(t, err, "making OPTION request to health check endpoint should not fail") req.Header.Add("Origin", "https://dashboard.testnet3.babylonlabs-io.io") - req.Header.Add("Access-Control-Request-Headers", "Content-Type") req.Header.Add("Access-Control-Request-Method", "GET") // Send the request resp, err := client.Do(req) - assert.NoError(t, err, "making OPTION request to polygon address check endpoint should not fail") + assert.NoError(t, err, "making OPTION request to health check endpoint should not fail") defer resp.Body.Close() // Check that the status code is HTTP 204 @@ -124,4 +123,4 @@ func TestSecurityHeaders(t *testing.T) { assert.Equal(t, "DENY", resp.Header.Get("X-Frame-Options"), "expected X-Frame-Options to be DENY") assert.Equal(t, "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://stackpath.bootstrap.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://stackpath.bootstrap.com; img-src 'self' data: https://cdnjs.cloudflare.com https://stackpath.bootstrap.com; font-src 'self' https://cdnjs.cloudflare.com https://stackpath.bootstrap.com; object-src 'none'; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content; base-uri 'self';", resp.Header.Get("Content-Security-Policy"), "expected Swagger Content-Security-Policy") assert.Equal(t, "strict-origin-when-cross-origin", resp.Header.Get("Referrer-Policy"), "expected Referrer-Policy to be strict-origin-when-cross-origin") -} \ No newline at end of file +}