Handle CORS requests (#6289)

14 files changed, 457 insertions, 12 deletions

diff --git a/vendor/github.com/Unknwon/com/dir.go b/vendor/github.com/Unknwon/com/dir.go
index c126d79da8..c16e9de333 100644
--- a/vendor/github.com/Unknwon/com/dir.go
+++ b/vendor/github.com/Unknwon/com/dir.go
@@ -32,7 +32,7 @@ func IsDir(dir string) bool {
 	return f.IsDir()
 }
 
-func statDir(dirPath, recPath string, includeDir, isDirOnly bool) ([]string, error) {
+func statDir(dirPath, recPath string, includeDir, isDirOnly, followSymlinks bool) ([]string, error) {
 	dir, err := os.Open(dirPath)
 	if err != nil {
 		return nil, err
@@ -56,13 +56,29 @@ func statDir(dirPath, recPath string, includeDir, isDirOnly bool) ([]string, err
 			if includeDir {
 				statList = append(statList, relPath+"/")
 			}
-			s, err := statDir(curPath, relPath, includeDir, isDirOnly)
+			s, err := statDir(curPath, relPath, includeDir, isDirOnly, followSymlinks)
 			if err != nil {
 				return nil, err
 			}
 			statList = append(statList, s...)
 		} else if !isDirOnly {
 			statList = append(statList, relPath)
+		} else if followSymlinks && fi.Mode()&os.ModeSymlink != 0 {
+			link, err := os.Readlink(curPath)
+			if err != nil {
+				return nil, err
+			}
+
+			if IsDir(link) {
+				if includeDir {
+					statList = append(statList, relPath+"/")
+				}
+				s, err := statDir(curPath, relPath, includeDir, isDirOnly, followSymlinks)
+				if err != nil {
+					return nil, err
+				}
+				statList = append(statList, s...)
+			}
 		}
 	}
 	return statList, nil
@@ -84,7 +100,26 @@ func StatDir(rootPath string, includeDir ...bool) ([]string, error) {
 	if len(includeDir) >= 1 {
 		isIncludeDir = includeDir[0]
 	}
-	return statDir(rootPath, "", isIncludeDir, false)
+	return statDir(rootPath, "", isIncludeDir, false, false)
+}
+
+// LstatDir gathers information of given directory by depth-first.
+// It returns slice of file list, follows symbolic links and includes subdirectories if enabled;
+// it returns error and nil slice when error occurs in underlying functions,
+// or given path is not a directory or does not exist.
+//
+// Slice does not include given path itself.
+// If subdirectories is enabled, they will have suffix '/'.
+func LstatDir(rootPath string, includeDir ...bool) ([]string, error) {
+	if !IsDir(rootPath) {
+		return nil, errors.New("not a directory or does not exist: " + rootPath)
+	}
+
+	isIncludeDir := false
+	if len(includeDir) >= 1 {
+		isIncludeDir = includeDir[0]
+	}
+	return statDir(rootPath, "", isIncludeDir, false, true)
 }
 
 // GetAllSubDirs returns all subdirectories of given root path.
@@ -93,7 +128,17 @@ func GetAllSubDirs(rootPath string) ([]string, error) {
 	if !IsDir(rootPath) {
 		return nil, errors.New("not a directory or does not exist: " + rootPath)
 	}
-	return statDir(rootPath, "", true, true)
+	return statDir(rootPath, "", true, true, false)
+}
+
+// LgetAllSubDirs returns all subdirectories of given root path, including
+// following symbolic links, if any.
+// Slice does not include given path itself.
+func LgetAllSubDirs(rootPath string) ([]string, error) {
+	if !IsDir(rootPath) {
+		return nil, errors.New("not a directory or does not exist: " + rootPath)
+	}
+	return statDir(rootPath, "", true, true, true)
 }
 
 // GetFileListBySuffix returns an ordered list of file paths.
diff --git a/vendor/github.com/Unknwon/com/go.mod b/vendor/github.com/Unknwon/com/go.mod
new file mode 100644
index 0000000000..0bb87b46af
--- /dev/null
+++ b/vendor/github.com/Unknwon/com/go.mod
@@ -0,0 +1,8 @@
+module github.com/Unknwon/com
+
+require (
+	github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
+	github.com/jtolds/gls v4.2.1+incompatible // indirect
+	github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 // indirect
+	github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c
+)
diff --git a/vendor/github.com/Unknwon/com/go.sum b/vendor/github.com/Unknwon/com/go.sum
new file mode 100644
index 0000000000..3fcc30358b
--- /dev/null
+++ b/vendor/github.com/Unknwon/com/go.sum
@@ -0,0 +1,8 @@
+github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e h1:JKmoR8x90Iww1ks85zJ1lfDGgIiMDuIptTOhJq+zKyg=
+github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/jtolds/gls v4.2.1+incompatible h1:fSuqC+Gmlu6l/ZYAoZzx2pyucC8Xza35fpRVWLVmUEE=
+github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 h1:Jpy1PXuP99tXNrhbq2BaPz9B+jNAvH1JPQQpG/9GCXY=
+github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c h1:Ho+uVpkel/udgjbwB5Lktg9BtvJSh2DT0Hi6LPSyI2w=
+github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s=
diff --git a/vendor/github.com/Unknwon/com/html.go b/vendor/github.com/Unknwon/com/html.go
index 762d94b050..8a99df4e08 100644
--- a/vendor/github.com/Unknwon/com/html.go
+++ b/vendor/github.com/Unknwon/com/html.go
@@ -36,7 +36,7 @@ func HtmlEncode(str string) string {
 	return html.EscapeString(str)
 }
 
-// decode string to html chars
+// HtmlDecode decodes string to html chars
 func HtmlDecode(str string) string {
 	return html.UnescapeString(str)
 }
diff --git a/vendor/github.com/Unknwon/com/http.go b/vendor/github.com/Unknwon/com/http.go
index 3415059ae9..cf0820f378 100644
--- a/vendor/github.com/Unknwon/com/http.go
+++ b/vendor/github.com/Unknwon/com/http.go
@@ -177,7 +177,7 @@ func FetchFiles(client *http.Client, files []RawFile, header http.Header) error
 	return nil
 }
 
-// FetchFiles uses command `curl` to fetch files specified by the rawURL field in parallel.
+// FetchFilesCurl uses command `curl` to fetch files specified by the rawURL field in parallel.
 func FetchFilesCurl(files []RawFile, curlOptions ...string) error {
 	ch := make(chan error, len(files))
 	for i := range files {
diff --git a/vendor/github.com/Unknwon/com/math.go b/vendor/github.com/Unknwon/com/math.go
index 99c56b6594..62b77e87c8 100644
--- a/vendor/github.com/Unknwon/com/math.go
+++ b/vendor/github.com/Unknwon/com/math.go
@@ -14,12 +14,12 @@
 
 package com
 
-// PowInt is int type of math.Pow function. 
+// PowInt is int type of math.Pow function.
 func PowInt(x int, y int) int {
 	if y <= 0 {
 		return 1
 	} else {
-		if y % 2 == 0 {
+		if y%2 == 0 {
 			sqrt := PowInt(x, y/2)
 			return sqrt * sqrt
 		} else {
diff --git a/vendor/github.com/Unknwon/com/regex.go b/vendor/github.com/Unknwon/com/regex.go
index 765bfc4311..14926474e0 100644
--- a/vendor/github.com/Unknwon/com/regex.go
+++ b/vendor/github.com/Unknwon/com/regex.go
@@ -37,19 +37,19 @@ func init() {
 	regex_url = regexp.MustCompile(regex_url_pattern)
 }
 
-// validate string is an email address, if not return false
+// IsEmail validates string is an email address, if not return false
 // basically validation can match 99% cases
 func IsEmail(email string) bool {
 	return regex_email.MatchString(email)
 }
 
-// validate string is an email address, if not return false
+// IsEmailRFC validates string is an email address, if not return false
 // this validation omits RFC 2822
 func IsEmailRFC(email string) bool {
 	return regex_strict_email.MatchString(email)
 }
 
-// validate string is a url link, if not return false
+// IsUrl validates string is a url link, if not return false
 // simple validation can match 99% cases
 func IsUrl(url string) bool {
 	return regex_url.MatchString(url)
diff --git a/vendor/github.com/Unknwon/com/slice.go b/vendor/github.com/Unknwon/com/slice.go
index 27801a4d7d..c3c9ab2e72 100644
--- a/vendor/github.com/Unknwon/com/slice.go
+++ b/vendor/github.com/Unknwon/com/slice.go
@@ -44,7 +44,7 @@ func CompareSliceStr(s1, s2 []string) bool {
 	return true
 }
 
-// CompareSliceStr compares two 'string' type slices.
+// CompareSliceStrU compares two 'string' type slices.
 // It returns true if elements are the same, and ignores the order.
 func CompareSliceStrU(s1, s2 []string) bool {
 	if len(s1) != len(s2) {
diff --git a/vendor/github.com/go-macaron/cors/.gitignore b/vendor/github.com/go-macaron/cors/.gitignore
new file mode 100644
index 0000000000..f1c181ec9c
--- /dev/null
+++ b/vendor/github.com/go-macaron/cors/.gitignore
@@ -0,0 +1,12 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
diff --git a/vendor/github.com/go-macaron/cors/LICENSE b/vendor/github.com/go-macaron/cors/LICENSE
new file mode 100644
index 0000000000..261eeb9e9f
--- /dev/null
+++ b/vendor/github.com/go-macaron/cors/LICENSE
@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/go-macaron/cors/README.md b/vendor/github.com/go-macaron/cors/README.md
new file mode 100644
index 0000000000..be1cdca1a9
--- /dev/null
+++ b/vendor/github.com/go-macaron/cors/README.md
@@ -0,0 +1,2 @@
+# cors
+Package cors is a middleware that handles CORS requests &amp; headers for Macaron.
diff --git a/vendor/github.com/go-macaron/cors/cors.go b/vendor/github.com/go-macaron/cors/cors.go
new file mode 100644
index 0000000000..b0cec3ddd8
--- /dev/null
+++ b/vendor/github.com/go-macaron/cors/cors.go
@@ -0,0 +1,139 @@
+package cors
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+
+	macaron "gopkg.in/macaron.v1"
+)
+
+const _VERSION = "0.1.0"
+
+func Version() string {
+	return _VERSION
+}
+
+// Options represents a struct for specifying configuration options for the CORS middleware.
+type Options struct {
+	Section          string
+	Scheme           string
+	AllowDomain      string
+	AllowSubdomain   bool
+	Methods          []string
+	MaxAgeSeconds    int
+	AllowCredentials bool
+}
+
+func prepareOptions(options []Options) Options {
+	var opt Options
+	if len(options) > 0 {
+		opt = options[0]
+	}
+
+	if len(opt.Section) == 0 {
+		opt.Section = "cors"
+	}
+	sec := macaron.Config().Section(opt.Section)
+
+	if len(opt.Scheme) == 0 {
+		opt.Scheme = sec.Key("SCHEME").MustString("http")
+	}
+	if len(opt.AllowDomain) == 0 {
+		opt.AllowDomain = sec.Key("ALLOW_DOMAIN").MustString("*")
+	}
+	if !opt.AllowSubdomain {
+		opt.AllowSubdomain = sec.Key("ALLOW_SUBDOMAIN").MustBool(false)
+	}
+	if len(opt.Methods) == 0 {
+		opt.Methods = sec.Key("METHODS").Strings(",")
+		if len(opt.Methods) == 0 {
+			opt.Methods = []string{
+				http.MethodGet,
+				http.MethodHead,
+				http.MethodPost,
+				http.MethodPut,
+				http.MethodPatch,
+				http.MethodDelete,
+				http.MethodOptions,
+			}
+		}
+	}
+	if opt.MaxAgeSeconds <= 0 {
+		// cache options response for 600 secs
+		// ref: https://stackoverflow.com/questions/54300997/is-it-possible-to-cache-http-options-response?noredirect=1#comment95790277_54300997
+		// ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
+		opt.MaxAgeSeconds = sec.Key("MAX_AGE_SECONDS").MustInt(600)
+	}
+	if !opt.AllowCredentials {
+		opt.AllowCredentials = sec.Key("ALLOW_CREDENTIALS").MustBool(true)
+	}
+
+	return opt
+}
+
+// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
+// https://fetch.spec.whatwg.org/#cors-protocol-and-credentials
+// For requests without credentials, the server may specify "*" as a wildcard, thereby allowing any origin to access the resource.
+func CORS(options ...Options) macaron.Handler {
+	opt := prepareOptions(options)
+	return func(ctx *macaron.Context, log *log.Logger) {
+		reqOptions := ctx.Req.Method == http.MethodOptions
+
+		headers := map[string]string{
+			"access-control-allow-methods": strings.Join(opt.Methods, ","),
+			"access-control-allow-headers": ctx.Req.Header.Get("access-control-request-headers"),
+			"access-control-max-age":       strconv.Itoa(opt.MaxAgeSeconds),
+		}
+		if opt.AllowDomain == "*" {
+			headers["access-control-allow-origin"] = "*"
+		} else if opt.AllowDomain != "" {
+			origin := ctx.Req.Header.Get("Origin")
+			if reqOptions && origin == "" {
+				respErrorf(ctx, log, http.StatusBadRequest, "missing origin header in CORS request")
+				return
+			}
+
+			u, err := url.Parse(origin)
+			if err != nil {
+				respErrorf(ctx, log, http.StatusBadRequest, "Failed to parse CORS origin header. Reason: %v", err)
+				return
+			}
+
+			ok := u.Hostname() == opt.AllowDomain ||
+				(opt.AllowSubdomain && strings.HasSuffix(u.Hostname(), "."+opt.AllowDomain))
+			if ok {
+				u.Scheme = opt.Scheme
+				headers["access-control-allow-origin"] = u.String()
+				headers["access-control-allow-credentials"] = strconv.FormatBool(opt.AllowCredentials)
+				headers["vary"] = "Origin"
+			}
+			if reqOptions && !ok {
+				respErrorf(ctx, log, http.StatusBadRequest, "CORS request from prohibited domain %v", origin)
+				return
+			}
+		}
+		ctx.Resp.Before(func(w macaron.ResponseWriter) {
+			for k, v := range headers {
+				w.Header().Set(k, v)
+			}
+		})
+		if reqOptions {
+			ctx.Status(200) // return response
+		}
+	}
+}
+
+func respErrorf(ctx *macaron.Context, log *log.Logger, statusCode int, format string, a ...interface{}) {
+	msg := fmt.Sprintf(format, a...)
+	log.Println(msg)
+	ctx.WriteHeader(statusCode)
+	_, err := ctx.Write([]byte(msg))
+	if err != nil {
+		panic(err)
+	}
+	return
+}
diff --git a/vendor/github.com/go-macaron/cors/go.mod b/vendor/github.com/go-macaron/cors/go.mod
new file mode 100644
index 0000000000..6e03401924
--- /dev/null
+++ b/vendor/github.com/go-macaron/cors/go.mod
@@ -0,0 +1,11 @@
+module github.com/go-macaron/cors
+
+go 1.12
+
+require (
+	github.com/Unknwon/com v0.0.0-20190321035513-0fed4efef755 // indirect
+	github.com/go-macaron/inject v0.0.0-20160627170012-d8a0b8677191 // indirect
+	golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480 // indirect
+	gopkg.in/ini.v1 v1.42.0 // indirect
+	gopkg.in/macaron.v1 v1.3.2
+)
diff --git a/vendor/github.com/go-macaron/cors/go.sum b/vendor/github.com/go-macaron/cors/go.sum
new file mode 100644
index 0000000000..782d98c540
--- /dev/null
+++ b/vendor/github.com/go-macaron/cors/go.sum
@@ -0,0 +1,19 @@
+github.com/Unknwon/com v0.0.0-20190321035513-0fed4efef755 h1:1B7wb36fHLSwZfHg6ngZhhtIEHQjiC5H4p7qQGBEffg=
+github.com/Unknwon/com v0.0.0-20190321035513-0fed4efef755/go.mod h1:voKvFVpXBJxdIPeqjoJuLK+UVcRlo/JLjeToGxPYu68=
+github.com/go-macaron/inject v0.0.0-20160627170012-d8a0b8677191 h1:NjHlg70DuOkcAMqgt0+XA+NHwtu66MkTVVgR4fFWbcI=
+github.com/go-macaron/inject v0.0.0-20160627170012-d8a0b8677191/go.mod h1:VFI2o2q9kYsC4o7VP1HrEVosiZZTd+MVT3YZx4gqvJw=
+github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e h1:JKmoR8x90Iww1ks85zJ1lfDGgIiMDuIptTOhJq+zKyg=
+github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/jtolds/gls v4.2.1+incompatible h1:fSuqC+Gmlu6l/ZYAoZzx2pyucC8Xza35fpRVWLVmUEE=
+github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 h1:Jpy1PXuP99tXNrhbq2BaPz9B+jNAvH1JPQQpG/9GCXY=
+github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c h1:Ho+uVpkel/udgjbwB5Lktg9BtvJSh2DT0Hi6LPSyI2w=
+github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s=
+golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480 h1:O5YqonU5IWby+w98jVUG9h7zlCWCcH4RHyPVReBmhzk=
+golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
+golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+gopkg.in/ini.v1 v1.42.0 h1:7N3gPTt50s8GuLortA00n8AqRTk75qOP98+mTPpgzRk=
+gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/macaron.v1 v1.3.2 h1:AvWIaPmwBUA87/OWzePkoxeaw6YJWDfBt1pDFPBnLf8=
+gopkg.in/macaron.v1 v1.3.2/go.mod h1:PrsiawTWAGZs6wFbT5hlr7SQ2Ns9h7cUVtcUu4lQOVo=