2015-11-12 01:17:15 +01:00
|
|
|
package cors
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
"strconv"
|
|
|
|
"strings"
|
|
|
|
"time"
|
|
|
|
)
|
|
|
|
|
2016-11-08 11:29:12 +01:00
|
|
|
type converter func(string) string
|
|
|
|
|
2015-11-12 01:17:15 +01:00
|
|
|
func generateNormalHeaders(c Config) http.Header {
|
|
|
|
headers := make(http.Header)
|
|
|
|
if c.AllowCredentials {
|
|
|
|
headers.Set("Access-Control-Allow-Credentials", "true")
|
|
|
|
}
|
2015-11-12 15:14:38 +01:00
|
|
|
if len(c.ExposeHeaders) > 0 {
|
2016-11-08 11:29:12 +01:00
|
|
|
exposeHeaders := convert(normalize(c.ExposeHeaders), http.CanonicalHeaderKey)
|
2015-11-12 15:14:38 +01:00
|
|
|
headers.Set("Access-Control-Expose-Headers", strings.Join(exposeHeaders, ","))
|
2015-11-12 01:17:15 +01:00
|
|
|
}
|
|
|
|
if c.AllowAllOrigins {
|
|
|
|
headers.Set("Access-Control-Allow-Origin", "*")
|
|
|
|
} else {
|
|
|
|
headers.Set("Vary", "Origin")
|
|
|
|
}
|
|
|
|
return headers
|
|
|
|
}
|
|
|
|
|
|
|
|
func generatePreflightHeaders(c Config) http.Header {
|
|
|
|
headers := make(http.Header)
|
|
|
|
if c.AllowCredentials {
|
|
|
|
headers.Set("Access-Control-Allow-Credentials", "true")
|
|
|
|
}
|
2015-11-12 15:14:38 +01:00
|
|
|
if len(c.AllowMethods) > 0 {
|
2016-11-08 11:29:12 +01:00
|
|
|
allowMethods := convert(normalize(c.AllowMethods), strings.ToUpper)
|
2015-11-12 15:14:38 +01:00
|
|
|
value := strings.Join(allowMethods, ",")
|
2015-11-12 01:17:15 +01:00
|
|
|
headers.Set("Access-Control-Allow-Methods", value)
|
|
|
|
}
|
2015-11-12 15:14:38 +01:00
|
|
|
if len(c.AllowHeaders) > 0 {
|
2016-11-08 11:29:12 +01:00
|
|
|
allowHeaders := convert(normalize(c.AllowHeaders), http.CanonicalHeaderKey)
|
2015-11-12 15:14:38 +01:00
|
|
|
value := strings.Join(allowHeaders, ",")
|
2015-11-12 01:17:15 +01:00
|
|
|
headers.Set("Access-Control-Allow-Headers", value)
|
|
|
|
}
|
|
|
|
if c.MaxAge > time.Duration(0) {
|
|
|
|
value := strconv.FormatInt(int64(c.MaxAge/time.Second), 10)
|
|
|
|
headers.Set("Access-Control-Max-Age", value)
|
|
|
|
}
|
|
|
|
if c.AllowAllOrigins {
|
|
|
|
headers.Set("Access-Control-Allow-Origin", "*")
|
|
|
|
} else {
|
2016-11-08 11:29:12 +01:00
|
|
|
// Always set Vary headers
|
|
|
|
// see https://github.com/rs/cors/issues/10,
|
|
|
|
// https://github.com/rs/cors/commit/dbdca4d95feaa7511a46e6f1efb3b3aa505bc43f#commitcomment-12352001
|
|
|
|
|
|
|
|
headers.Add("Vary", "Origin")
|
|
|
|
headers.Add("Vary", "Access-Control-Request-Method")
|
|
|
|
headers.Add("Vary", "Access-Control-Request-Headers")
|
2015-11-12 01:17:15 +01:00
|
|
|
}
|
|
|
|
return headers
|
|
|
|
}
|
|
|
|
|
|
|
|
func normalize(values []string) []string {
|
|
|
|
if values == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
distinctMap := make(map[string]bool, len(values))
|
|
|
|
normalized := make([]string, 0, len(values))
|
|
|
|
for _, value := range values {
|
|
|
|
value = strings.TrimSpace(value)
|
|
|
|
value = strings.ToLower(value)
|
|
|
|
if _, seen := distinctMap[value]; !seen {
|
|
|
|
normalized = append(normalized, value)
|
|
|
|
distinctMap[value] = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return normalized
|
|
|
|
}
|
2016-11-08 11:29:12 +01:00
|
|
|
|
|
|
|
func convert(s []string, c converter) []string {
|
|
|
|
var out []string
|
|
|
|
for _, i := range s {
|
|
|
|
out = append(out, c(i))
|
|
|
|
}
|
|
|
|
return out
|
|
|
|
}
|