fix: add cors headers

ca/ca.go

@@ -6,6 +6,7 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
+	"github.com/go-chi/cors"
 	"log"
 	"net"
 	"net/http"
@@ -187,6 +188,16 @@ func (ca *CA) Init(cfg *config.Config) (*CA, error) {
 	mux.Use(middleware.GetHead)
 	insecureMux.Use(middleware.GetHead)
 
+	// Add CORS headers so web clients can use the CA
+	c := cors.New(cors.Options{
+		AllowedOrigins:   []string{"*"},
+		AllowedMethods:   []string{"GET", "POST", "OPTIONS", "HEAD"},
+		AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token", "Allow", "Replay-Nonce", "Location"},
+		ExposedHeaders:   []string{"Replay-Nonce", "Location"},
+		AllowCredentials: false,
+	})
+	handler = c.Handler(handler)
+
 	// Add regular CA api endpoints in / and /1.0
 	api.Route(mux)
 	mux.Route("/1.0", func(r chi.Router) {

go.mod

@@ -66,6 +66,7 @@ require (
 	github.com/dgraph-io/ristretto v0.0.3-0.20200630154024-f66de99634de // indirect
 	github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 // indirect
 	github.com/dustin/go-humanize v1.0.0 // indirect
+	github.com/go-chi/cors v1.2.1 //indirect
 	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
 	github.com/go-kit/kit v0.9.0 // indirect
 	github.com/go-logfmt/logfmt v0.5.1 // indirect