fix: only enable cors for relay routers to avoid csrf attack

2025-11-09 23:53:41 +08:00 · 2023-09-17 11:44:38 +08:00
parent 0d50ad4b2b
commit 25c4c111ab
2 changed files with 1 additions and 2 deletions
--- a/main.go
+++ b/main.go
@@ -7,7 +7,6 @@ import (
 	"github.com/gin-gonic/gin"
 	"one-api/common"
 	"one-api/controller"
-	"one-api/middleware"
 	"one-api/model"
 	"one-api/router"
 	"os"
@@ -88,7 +87,6 @@ func main() {
 	server := gin.Default()
 	// This will cause SSE not to work!!!
 	//server.Use(gzip.Gzip(gzip.DefaultCompression))
-	server.Use(middleware.CORS())

 	// Initialize session store
 	store := cookie.NewStore([]byte(common.SessionSecret))