Add configurable CORS Change-Id: I6b902e028c1f192987b4d7d6415aad456137c520

commit: f1ca882b557a79ec2bcb29178c8e731821600d79 [log] [tgz]
author: Akron <nils@diewald-online.de> Wed May 20 15:44:00 2026 +0200
committer: Akron <nils@diewald-online.de> Wed May 20 15:44:00 2026 +0200
tree: 2a89f734d9841a7632c55f700255645173ed0882
parent: 4ae70e9ecbae13a2f03fcd19a43f8593b926865a [diff] [blame]
diff --git a/cmd/koralmapper/main.go b/cmd/koralmapper/main.go
index eac2984..50bdace 100644
--- a/cmd/koralmapper/main.go
+++ b/cmd/koralmapper/main.go

@@ -20,6 +20,7 @@
 	"github.com/KorAP/Koral-Mapper/mapper"
 	"github.com/alecthomas/kong"
 	"github.com/gofiber/fiber/v2"
+	"github.com/gofiber/fiber/v2/middleware/cors"
 	"github.com/gofiber/fiber/v2/middleware/limiter"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
@@ -335,6 +336,18 @@
 		return c.Next()
 	})
 
+	// CORS middleware to allow cross-origin requests from trusted
+	// origins. Required because the service is designed to be
+	// called as a KorAP/Kalamar plugin from cross-origin iframes.
+	// Configurable via the "allowOrigins" YAML key or the
+	// KORAL_MAPPER_ALLOW_ORIGINS environment variable
+	// (default: "https://korap.ids-mannheim.de").
+	app.Use(cors.New(cors.Config{
+		AllowOrigins: yamlConfig.AllowOrigins,
+		AllowMethods: "GET,POST",
+		AllowHeaders: "Content-Type",
+	}))
+
 	// Rate limiting middleware to prevent resource exhaustion from
 	// request floods. The maximum number of requests per minute
 	// per IP is configurable via the "rateLimit" YAML key or the
commit	f1ca882b557a79ec2bcb29178c8e731821600d79	[log] [tgz]
author	Akron <nils@diewald-online.de>	Wed May 20 15:44:00 2026 +0200
committer	Akron <nils@diewald-online.de>	Wed May 20 15:44:00 2026 +0200
tree	2a89f734d9841a7632c55f700255645173ed0882
parent	4ae70e9ecbae13a2f03fcd19a43f8593b926865a [diff] [blame]