cors/config.go

package cors

import (
	"net/http"

	"github.com/gin-gonic/gin"
)

type cors struct {
	allowAllOrigins  bool
	allowCredentials bool
	allowOriginFunc  func(string) bool
	allowOrigins     []string
	exposeHeaders    []string
	normalHeaders    http.Header
	preflightHeaders http.Header
}

func newCors(config Config) *cors {
	if err := config.Validate(); err != nil {
		panic(err.Error())
	}
	return &cors{
		allowOriginFunc:  config.AllowOriginFunc,
		allowAllOrigins:  config.AllowAllOrigins,
		allowCredentials: config.AllowCredentials,
		allowOrigins:     normalize(config.AllowOrigins),
		normalHeaders:    generateNormalHeaders(config),
		preflightHeaders: generatePreflightHeaders(config),
	}
}

func (cors *cors) applyCors(c *gin.Context) {
	origin := c.Request.Header.Get("Origin")
	if len(origin) == 0 {
		// request is not a CORS request
		return
	}
	if !cors.validateOrigin(origin) {
		c.AbortWithStatus(http.StatusForbidden)
		return
	}

	if c.Request.Method == "OPTIONS" {
		cors.handlePreflight(c)
		defer c.AbortWithStatus(200)
	} else {
		cors.handleNormal(c)
	}

	if !cors.allowAllOrigins {
		c.Header("Access-Control-Allow-Origin", origin)
	}
}

func (cors *cors) validateOrigin(origin string) bool {
	if cors.allowAllOrigins {
		return true
	}
	for _, value := range cors.allowOrigins {
		if value == origin {
			return true
		}
	}
	if cors.allowOriginFunc != nil {
		return cors.allowOriginFunc(origin)
	}
	return false
}

func (cors *cors) handlePreflight(c *gin.Context) {
	header := c.Writer.Header()
	for key, value := range cors.preflightHeaders {
		header[key] = value
	}
}

func (cors *cors) handleNormal(c *gin.Context) {
	header := c.Writer.Header()
	for key, value := range cors.normalHeaders {
		header[key] = value
	}
}
Initial commit 2015-11-11 22:16:49 +01:00			`package cors`

			`import (`
			`"net/http"`

fix: revert gin link. (#20) 2017-03-18 13:45:46 +01:00			`"github.com/gin-gonic/gin"`
Initial commit 2015-11-11 22:16:49 +01:00			`)`

			`type cors struct {`
Renames some options 2015-11-12 15:14:38 +01:00			`allowAllOrigins bool`
Fix logic error for when setting allowedAllOrigins and allowedCredentials `Access-Control-Allow-Origin` should returning `Origin` originally of requests when allowCredentials and allowAllOrigins. 2016-12-04 12:25:10 +01:00			`allowCredentials bool`
Renames some options 2015-11-12 15:14:38 +01:00			`allowOriginFunc func(string) bool`
			`allowOrigins []string`
			`exposeHeaders []string`
			`normalHeaders http.Header`
			`preflightHeaders http.Header`
Initial commit 2015-11-11 22:16:49 +01:00			`}`

Fixes CORS 2015-11-12 01:17:15 +01:00			`func newCors(config Config) *cors {`
			`if err := config.Validate(); err != nil {`
Initial commit 2015-11-11 22:16:49 +01:00			`panic(err.Error())`
			`}`
			`return &cors{`
Renames some options 2015-11-12 15:14:38 +01:00			`allowOriginFunc: config.AllowOriginFunc,`
			`allowAllOrigins: config.AllowAllOrigins,`
Fix logic error for when setting allowedAllOrigins and allowedCredentials `Access-Control-Allow-Origin` should returning `Origin` originally of requests when allowCredentials and allowAllOrigins. 2016-12-04 12:25:10 +01:00			`allowCredentials: config.AllowCredentials,`
Renames some options 2015-11-12 15:14:38 +01:00			`allowOrigins: normalize(config.AllowOrigins),`
			`normalHeaders: generateNormalHeaders(config),`
			`preflightHeaders: generatePreflightHeaders(config),`
Initial commit 2015-11-11 22:16:49 +01:00			`}`
			`}`

			`func (cors cors) applyCors(c gin.Context) {`
			`origin := c.Request.Header.Get("Origin")`
			`if len(origin) == 0 {`
			`// request is not a CORS request`
			`return`
			`}`
			`if !cors.validateOrigin(origin) {`
Fixes CORS 2015-11-12 01:17:15 +01:00			`c.AbortWithStatus(http.StatusForbidden)`
			`return`
Initial commit 2015-11-11 22:16:49 +01:00			`}`

			`if c.Request.Method == "OPTIONS" {`
Fixes CORS 2015-11-12 01:17:15 +01:00			`cors.handlePreflight(c)`
Fixes #2 2016-06-26 19:04:15 +02:00			`defer c.AbortWithStatus(200)`
Initial commit 2015-11-11 22:16:49 +01:00			`} else {`
Fixes CORS 2015-11-12 01:17:15 +01:00			`cors.handleNormal(c)`
Initial commit 2015-11-11 22:16:49 +01:00			`}`

fix: remove AllowCredentials check for allow origins (#16) 2017-02-27 07:30:00 +01:00			`if !cors.allowAllOrigins {`
Fixes CORS 2015-11-12 01:17:15 +01:00			`c.Header("Access-Control-Allow-Origin", origin)`
			`}`
Initial commit 2015-11-11 22:16:49 +01:00			`}`

			`func (cors *cors) validateOrigin(origin string) bool {`
			`if cors.allowAllOrigins {`
			`return true`
			`}`
Renames some options 2015-11-12 15:14:38 +01:00			`for _, value := range cors.allowOrigins {`
Initial commit 2015-11-11 22:16:49 +01:00			`if value == origin {`
			`return true`
			`}`
			`}`
Renames some options 2015-11-12 15:14:38 +01:00			`if cors.allowOriginFunc != nil {`
			`return cors.allowOriginFunc(origin)`
Initial commit 2015-11-11 22:16:49 +01:00			`}`
			`return false`
			`}`

Fixes CORS 2015-11-12 01:17:15 +01:00			`func (cors cors) handlePreflight(c gin.Context) {`
			`header := c.Writer.Header()`
Initial commit 2015-11-11 22:16:49 +01:00			`for key, value := range cors.preflightHeaders {`
Fixes CORS 2015-11-12 01:17:15 +01:00			`header[key] = value`
Initial commit 2015-11-11 22:16:49 +01:00			`}`
			`}`

Fixes CORS 2015-11-12 01:17:15 +01:00			`func (cors cors) handleNormal(c gin.Context) {`
			`header := c.Writer.Header()`
Initial commit 2015-11-11 22:16:49 +01:00			`for key, value := range cors.normalHeaders {`
Fixes CORS 2015-11-12 01:17:15 +01:00			`header[key] = value`
Initial commit 2015-11-11 22:16:49 +01:00			`}`
			`}`