Compare commits
No commits in common. "master" and "new" have entirely different histories.
@ -2,10 +2,9 @@ language: go
|
|||||||
sudo: false
|
sudo: false
|
||||||
|
|
||||||
go:
|
go:
|
||||||
- 1.6.x
|
- 1.5.4
|
||||||
- 1.7.x
|
- 1.6.3
|
||||||
- 1.8.x
|
- 1.7.3
|
||||||
- 1.9.x
|
|
||||||
- tip
|
- tip
|
||||||
|
|
||||||
script:
|
script:
|
||||||
|
15
README.md
15
README.md
@ -4,7 +4,8 @@
|
|||||||
[![codecov](https://codecov.io/gh/gin-contrib/cors/branch/master/graph/badge.svg)](https://codecov.io/gh/gin-contrib/cors)
|
[![codecov](https://codecov.io/gh/gin-contrib/cors/branch/master/graph/badge.svg)](https://codecov.io/gh/gin-contrib/cors)
|
||||||
[![Go Report Card](https://goreportcard.com/badge/github.com/gin-contrib/cors)](https://goreportcard.com/report/github.com/gin-contrib/cors)
|
[![Go Report Card](https://goreportcard.com/badge/github.com/gin-contrib/cors)](https://goreportcard.com/report/github.com/gin-contrib/cors)
|
||||||
[![GoDoc](https://godoc.org/github.com/gin-contrib/cors?status.svg)](https://godoc.org/github.com/gin-contrib/cors)
|
[![GoDoc](https://godoc.org/github.com/gin-contrib/cors?status.svg)](https://godoc.org/github.com/gin-contrib/cors)
|
||||||
[![Join the chat at https://gitter.im/gin-gonic/gin](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/gin-gonic/gin)
|
[![Join the chat at https://gitter.im/gin-gonic/gin](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/gin-gonic/gin?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
||||||
|
|
||||||
|
|
||||||
Gin middleware/handler to enable CORS support.
|
Gin middleware/handler to enable CORS support.
|
||||||
|
|
||||||
@ -12,16 +13,16 @@ Gin middleware/handler to enable CORS support.
|
|||||||
|
|
||||||
### Start using it
|
### Start using it
|
||||||
|
|
||||||
Download and install it:
|
1. Download and install it:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
$ go get github.com/gin-contrib/cors
|
$ go get gopkg.in/gin-contrib/cors.v1
|
||||||
```
|
```
|
||||||
|
|
||||||
Import it in your code:
|
2. Import it in your code:
|
||||||
|
|
||||||
```go
|
```go
|
||||||
import "github.com/gin-contrib/cors"
|
import "gopkg.in/gin-contrib/cors.v1"
|
||||||
```
|
```
|
||||||
|
|
||||||
### Canonical example:
|
### Canonical example:
|
||||||
@ -32,8 +33,8 @@ package main
|
|||||||
import (
|
import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gin-contrib/cors"
|
"gopkg.in/gin-contrib/cors.v1"
|
||||||
"github.com/gin-gonic/gin"
|
"gopkg.in/gin-gonic/gin.v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
@ -3,12 +3,11 @@ package cors
|
|||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"gopkg.in/gin-gonic/gin.v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
type cors struct {
|
type cors struct {
|
||||||
allowAllOrigins bool
|
allowAllOrigins bool
|
||||||
allowCredentials bool
|
|
||||||
allowOriginFunc func(string) bool
|
allowOriginFunc func(string) bool
|
||||||
allowOrigins []string
|
allowOrigins []string
|
||||||
exposeHeaders []string
|
exposeHeaders []string
|
||||||
@ -23,7 +22,6 @@ func newCors(config Config) *cors {
|
|||||||
return &cors{
|
return &cors{
|
||||||
allowOriginFunc: config.AllowOriginFunc,
|
allowOriginFunc: config.AllowOriginFunc,
|
||||||
allowAllOrigins: config.AllowAllOrigins,
|
allowAllOrigins: config.AllowAllOrigins,
|
||||||
allowCredentials: config.AllowCredentials,
|
|
||||||
allowOrigins: normalize(config.AllowOrigins),
|
allowOrigins: normalize(config.AllowOrigins),
|
||||||
normalHeaders: generateNormalHeaders(config),
|
normalHeaders: generateNormalHeaders(config),
|
||||||
preflightHeaders: generatePreflightHeaders(config),
|
preflightHeaders: generatePreflightHeaders(config),
|
||||||
|
10
cors.go
10
cors.go
@ -5,7 +5,7 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"gopkg.in/gin-gonic/gin.v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Config represents all available options for the middleware.
|
// Config represents all available options for the middleware.
|
||||||
@ -14,7 +14,7 @@ type Config struct {
|
|||||||
|
|
||||||
// AllowedOrigins is a list of origins a cross-domain request can be executed from.
|
// AllowedOrigins is a list of origins a cross-domain request can be executed from.
|
||||||
// If the special "*" value is present in the list, all origins will be allowed.
|
// If the special "*" value is present in the list, all origins will be allowed.
|
||||||
// Default value is []
|
// Default value is ["*"]
|
||||||
AllowOrigins []string
|
AllowOrigins []string
|
||||||
|
|
||||||
// AllowOriginFunc is a custom function to validate the origin. It take the origin
|
// AllowOriginFunc is a custom function to validate the origin. It take the origin
|
||||||
@ -28,6 +28,8 @@ type Config struct {
|
|||||||
|
|
||||||
// AllowedHeaders is list of non simple headers the client is allowed to use with
|
// AllowedHeaders is list of non simple headers the client is allowed to use with
|
||||||
// cross-domain requests.
|
// cross-domain requests.
|
||||||
|
// If the special "*" value is present in the list, all headers will be allowed.
|
||||||
|
// Default value is [] but "Origin" is always appended to the list.
|
||||||
AllowHeaders []string
|
AllowHeaders []string
|
||||||
|
|
||||||
// AllowCredentials indicates whether the request can include user credentials like
|
// AllowCredentials indicates whether the request can include user credentials like
|
||||||
@ -67,8 +69,8 @@ func (c Config) Validate() error {
|
|||||||
return errors.New("conflict settings: all origins disabled")
|
return errors.New("conflict settings: all origins disabled")
|
||||||
}
|
}
|
||||||
for _, origin := range c.AllowOrigins {
|
for _, origin := range c.AllowOrigins {
|
||||||
if origin != "*" && !strings.HasPrefix(origin, "http://") && !strings.HasPrefix(origin, "https://") {
|
if !strings.HasPrefix(origin, "http://") && !strings.HasPrefix(origin, "https://") {
|
||||||
return errors.New("bad origin: origins must either be '*' or include http:// or https://")
|
return errors.New("bad origin: origins must include http:// or https://")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
71
cors_test.go
71
cors_test.go
@ -3,12 +3,11 @@ package cors
|
|||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"strings"
|
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
"gopkg.in/gin-gonic/gin.v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
@ -95,14 +94,6 @@ func TestNormalize(t *testing.T) {
|
|||||||
assert.Equal(t, values, []string{})
|
assert.Equal(t, values, []string{})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestConvert(t *testing.T) {
|
|
||||||
methods := []string{"Get", "GET", "get"}
|
|
||||||
headers := []string{"X-CSRF-TOKEN", "X-CSRF-Token", "x-csrf-token"}
|
|
||||||
|
|
||||||
assert.Equal(t, []string{"GET", "GET", "GET"}, convert(methods, strings.ToUpper))
|
|
||||||
assert.Equal(t, []string{"X-Csrf-Token", "X-Csrf-Token", "X-Csrf-Token"}, convert(headers, http.CanonicalHeaderKey))
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestGenerateNormalHeaders_AllowAllOrigins(t *testing.T) {
|
func TestGenerateNormalHeaders_AllowAllOrigins(t *testing.T) {
|
||||||
header := generateNormalHeaders(Config{
|
header := generateNormalHeaders(Config{
|
||||||
AllowAllOrigins: false,
|
AllowAllOrigins: false,
|
||||||
@ -132,7 +123,7 @@ func TestGenerateNormalHeaders_ExposedHeaders(t *testing.T) {
|
|||||||
header := generateNormalHeaders(Config{
|
header := generateNormalHeaders(Config{
|
||||||
ExposeHeaders: []string{"X-user", "xPassword"},
|
ExposeHeaders: []string{"X-user", "xPassword"},
|
||||||
})
|
})
|
||||||
assert.Equal(t, header.Get("Access-Control-Expose-Headers"), "X-User,Xpassword")
|
assert.Equal(t, header.Get("Access-Control-Expose-Headers"), "x-user,xpassword")
|
||||||
assert.Equal(t, header.Get("Vary"), "Origin")
|
assert.Equal(t, header.Get("Vary"), "Origin")
|
||||||
assert.Len(t, header, 2)
|
assert.Len(t, header, 2)
|
||||||
}
|
}
|
||||||
@ -166,7 +157,7 @@ func TestGeneratePreflightHeaders_AllowedMethods(t *testing.T) {
|
|||||||
header := generatePreflightHeaders(Config{
|
header := generatePreflightHeaders(Config{
|
||||||
AllowMethods: []string{"GET ", "post", "PUT", " put "},
|
AllowMethods: []string{"GET ", "post", "PUT", " put "},
|
||||||
})
|
})
|
||||||
assert.Equal(t, header.Get("Access-Control-Allow-Methods"), "GET,POST,PUT")
|
assert.Equal(t, header.Get("Access-Control-Allow-Methods"), "get,post,put")
|
||||||
assert.Equal(t, header.Get("Vary"), "Origin")
|
assert.Equal(t, header.Get("Vary"), "Origin")
|
||||||
assert.Len(t, header, 2)
|
assert.Len(t, header, 2)
|
||||||
}
|
}
|
||||||
@ -175,7 +166,7 @@ func TestGeneratePreflightHeaders_AllowedHeaders(t *testing.T) {
|
|||||||
header := generatePreflightHeaders(Config{
|
header := generatePreflightHeaders(Config{
|
||||||
AllowHeaders: []string{"X-user", "Content-Type"},
|
AllowHeaders: []string{"X-user", "Content-Type"},
|
||||||
})
|
})
|
||||||
assert.Equal(t, header.Get("Access-Control-Allow-Headers"), "X-User,Content-Type")
|
assert.Equal(t, header.Get("Access-Control-Allow-Headers"), "x-user,content-type")
|
||||||
assert.Equal(t, header.Get("Vary"), "Origin")
|
assert.Equal(t, header.Get("Vary"), "Origin")
|
||||||
assert.Len(t, header, 2)
|
assert.Len(t, header, 2)
|
||||||
}
|
}
|
||||||
@ -217,7 +208,7 @@ func TestPassesAllowedOrigins(t *testing.T) {
|
|||||||
AllowMethods: []string{" GeT ", "get", "post", "PUT ", "Head", "POST"},
|
AllowMethods: []string{" GeT ", "get", "post", "PUT ", "Head", "POST"},
|
||||||
AllowHeaders: []string{"Content-type", "timeStamp "},
|
AllowHeaders: []string{"Content-type", "timeStamp "},
|
||||||
ExposeHeaders: []string{"Data", "x-User"},
|
ExposeHeaders: []string{"Data", "x-User"},
|
||||||
AllowCredentials: false,
|
AllowCredentials: true,
|
||||||
MaxAge: 12 * time.Hour,
|
MaxAge: 12 * time.Hour,
|
||||||
AllowOriginFunc: func(origin string) bool {
|
AllowOriginFunc: func(origin string) bool {
|
||||||
return origin == "http://github.com"
|
return origin == "http://github.com"
|
||||||
@ -226,43 +217,37 @@ func TestPassesAllowedOrigins(t *testing.T) {
|
|||||||
|
|
||||||
// no CORS request, origin == ""
|
// no CORS request, origin == ""
|
||||||
w := performRequest(router, "GET", "")
|
w := performRequest(router, "GET", "")
|
||||||
assert.Equal(t, "get", w.Body.String())
|
assert.Equal(t, w.Body.String(), "get")
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Expose-Headers"))
|
assert.Empty(t, w.Header().Get("Access-Control-Expose-Headers"))
|
||||||
|
|
||||||
// allowed CORS request
|
// allowed CORS request
|
||||||
w = performRequest(router, "GET", "http://google.com")
|
w = performRequest(router, "GET", "http://google.com")
|
||||||
assert.Equal(t, "get", w.Body.String())
|
assert.Equal(t, w.Body.String(), "get")
|
||||||
assert.Equal(t, "http://google.com", w.Header().Get("Access-Control-Allow-Origin"))
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://google.com")
|
||||||
assert.Equal(t, "", w.Header().Get("Access-Control-Allow-Credentials"))
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "true")
|
||||||
assert.Equal(t, "Data,X-User", w.Header().Get("Access-Control-Expose-Headers"))
|
assert.Equal(t, w.Header().Get("Access-Control-Expose-Headers"), "data,x-user")
|
||||||
|
|
||||||
w = performRequest(router, "GET", "http://github.com")
|
|
||||||
assert.Equal(t, "get", w.Body.String())
|
|
||||||
assert.Equal(t, "http://github.com", w.Header().Get("Access-Control-Allow-Origin"))
|
|
||||||
assert.Equal(t, "", w.Header().Get("Access-Control-Allow-Credentials"))
|
|
||||||
assert.Equal(t, "Data,X-User", w.Header().Get("Access-Control-Expose-Headers"))
|
|
||||||
|
|
||||||
// deny CORS request
|
// deny CORS request
|
||||||
w = performRequest(router, "GET", "https://google.com")
|
w = performRequest(router, "GET", "https://google.com")
|
||||||
assert.Equal(t, 403, w.Code)
|
assert.Equal(t, w.Code, 403)
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Expose-Headers"))
|
assert.Empty(t, w.Header().Get("Access-Control-Expose-Headers"))
|
||||||
|
|
||||||
// allowed CORS prefligh request
|
// allowed CORS prefligh request
|
||||||
w = performRequest(router, "OPTIONS", "http://github.com")
|
w = performRequest(router, "OPTIONS", "http://github.com")
|
||||||
assert.Equal(t, 200, w.Code)
|
assert.Equal(t, w.Code, 200)
|
||||||
assert.Equal(t, "http://github.com", w.Header().Get("Access-Control-Allow-Origin"))
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://github.com")
|
||||||
assert.Equal(t, "", w.Header().Get("Access-Control-Allow-Credentials"))
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "true")
|
||||||
assert.Equal(t, "GET,POST,PUT,HEAD", w.Header().Get("Access-Control-Allow-Methods"))
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Methods"), "get,post,put,head")
|
||||||
assert.Equal(t, "Content-Type,Timestamp", w.Header().Get("Access-Control-Allow-Headers"))
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Headers"), "content-type,timestamp")
|
||||||
assert.Equal(t, "43200", w.Header().Get("Access-Control-Max-Age"))
|
assert.Equal(t, w.Header().Get("Access-Control-Max-Age"), "43200")
|
||||||
|
|
||||||
// deny CORS prefligh request
|
// deny CORS prefligh request
|
||||||
w = performRequest(router, "OPTIONS", "http://example.com")
|
w = performRequest(router, "OPTIONS", "http://example.com")
|
||||||
assert.Equal(t, 403, w.Code)
|
assert.Equal(t, w.Code, 403)
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Methods"))
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Methods"))
|
||||||
@ -282,26 +267,24 @@ func TestPassesAllowedAllOrigins(t *testing.T) {
|
|||||||
|
|
||||||
// no CORS request, origin == ""
|
// no CORS request, origin == ""
|
||||||
w := performRequest(router, "GET", "")
|
w := performRequest(router, "GET", "")
|
||||||
assert.Equal(t, "get", w.Body.String())
|
assert.Equal(t, w.Body.String(), "get")
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Expose-Headers"))
|
assert.Empty(t, w.Header().Get("Access-Control-Expose-Headers"))
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
|
||||||
|
|
||||||
// allowed CORS request
|
// allowed CORS request
|
||||||
w = performRequest(router, "POST", "example.com")
|
w = performRequest(router, "POST", "example.com")
|
||||||
assert.Equal(t, "post", w.Body.String())
|
assert.Equal(t, w.Body.String(), "post")
|
||||||
assert.Equal(t, "*", w.Header().Get("Access-Control-Allow-Origin"))
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "*")
|
||||||
assert.Equal(t, "Data2,X-User2", w.Header().Get("Access-Control-Expose-Headers"))
|
assert.Equal(t, w.Header().Get("Access-Control-Expose-Headers"), "data2,x-user2")
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
assert.Equal(t, "*", w.Header().Get("Access-Control-Allow-Origin"))
|
|
||||||
|
|
||||||
// allowed CORS prefligh request
|
// allowed CORS prefligh request
|
||||||
w = performRequest(router, "OPTIONS", "https://facebook.com")
|
w = performRequest(router, "OPTIONS", "https://facebook.com")
|
||||||
assert.Equal(t, 200, w.Code)
|
assert.Equal(t, w.Code, 200)
|
||||||
assert.Equal(t, "*", w.Header().Get("Access-Control-Allow-Origin"))
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "*")
|
||||||
assert.Equal(t, "PATCH,GET,POST", w.Header().Get("Access-Control-Allow-Methods"))
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Methods"), "patch,get,post")
|
||||||
assert.Equal(t, "Content-Type,Testheader", w.Header().Get("Access-Control-Allow-Headers"))
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Headers"), "content-type,testheader")
|
||||||
assert.Equal(t, "36000", w.Header().Get("Access-Control-Max-Age"))
|
assert.Equal(t, w.Header().Get("Access-Control-Max-Age"), "36000")
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
}
|
}
|
||||||
|
@ -3,8 +3,8 @@ package main
|
|||||||
import (
|
import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gin-contrib/cors"
|
"gopkg.in/gin-contrib/cors.v1"
|
||||||
"github.com/gin-gonic/gin"
|
"gopkg.in/gin-gonic/gin.v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
24
utils.go
24
utils.go
@ -7,15 +7,13 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
type converter func(string) string
|
|
||||||
|
|
||||||
func generateNormalHeaders(c Config) http.Header {
|
func generateNormalHeaders(c Config) http.Header {
|
||||||
headers := make(http.Header)
|
headers := make(http.Header)
|
||||||
if c.AllowCredentials {
|
if c.AllowCredentials {
|
||||||
headers.Set("Access-Control-Allow-Credentials", "true")
|
headers.Set("Access-Control-Allow-Credentials", "true")
|
||||||
}
|
}
|
||||||
if len(c.ExposeHeaders) > 0 {
|
if len(c.ExposeHeaders) > 0 {
|
||||||
exposeHeaders := convert(normalize(c.ExposeHeaders), http.CanonicalHeaderKey)
|
exposeHeaders := normalize(c.ExposeHeaders)
|
||||||
headers.Set("Access-Control-Expose-Headers", strings.Join(exposeHeaders, ","))
|
headers.Set("Access-Control-Expose-Headers", strings.Join(exposeHeaders, ","))
|
||||||
}
|
}
|
||||||
if c.AllowAllOrigins {
|
if c.AllowAllOrigins {
|
||||||
@ -32,12 +30,12 @@ func generatePreflightHeaders(c Config) http.Header {
|
|||||||
headers.Set("Access-Control-Allow-Credentials", "true")
|
headers.Set("Access-Control-Allow-Credentials", "true")
|
||||||
}
|
}
|
||||||
if len(c.AllowMethods) > 0 {
|
if len(c.AllowMethods) > 0 {
|
||||||
allowMethods := convert(normalize(c.AllowMethods), strings.ToUpper)
|
allowMethods := normalize(c.AllowMethods)
|
||||||
value := strings.Join(allowMethods, ",")
|
value := strings.Join(allowMethods, ",")
|
||||||
headers.Set("Access-Control-Allow-Methods", value)
|
headers.Set("Access-Control-Allow-Methods", value)
|
||||||
}
|
}
|
||||||
if len(c.AllowHeaders) > 0 {
|
if len(c.AllowHeaders) > 0 {
|
||||||
allowHeaders := convert(normalize(c.AllowHeaders), http.CanonicalHeaderKey)
|
allowHeaders := normalize(c.AllowHeaders)
|
||||||
value := strings.Join(allowHeaders, ",")
|
value := strings.Join(allowHeaders, ",")
|
||||||
headers.Set("Access-Control-Allow-Headers", value)
|
headers.Set("Access-Control-Allow-Headers", value)
|
||||||
}
|
}
|
||||||
@ -48,13 +46,7 @@ func generatePreflightHeaders(c Config) http.Header {
|
|||||||
if c.AllowAllOrigins {
|
if c.AllowAllOrigins {
|
||||||
headers.Set("Access-Control-Allow-Origin", "*")
|
headers.Set("Access-Control-Allow-Origin", "*")
|
||||||
} else {
|
} else {
|
||||||
// Always set Vary headers
|
headers.Set("Vary", "Origin")
|
||||||
// see https://github.com/rs/cors/issues/10,
|
|
||||||
// https://github.com/rs/cors/commit/dbdca4d95feaa7511a46e6f1efb3b3aa505bc43f#commitcomment-12352001
|
|
||||||
|
|
||||||
headers.Add("Vary", "Origin")
|
|
||||||
headers.Add("Vary", "Access-Control-Request-Method")
|
|
||||||
headers.Add("Vary", "Access-Control-Request-Headers")
|
|
||||||
}
|
}
|
||||||
return headers
|
return headers
|
||||||
}
|
}
|
||||||
@ -75,11 +67,3 @@ func normalize(values []string) []string {
|
|||||||
}
|
}
|
||||||
return normalized
|
return normalized
|
||||||
}
|
}
|
||||||
|
|
||||||
func convert(s []string, c converter) []string {
|
|
||||||
var out []string
|
|
||||||
for _, i := range s {
|
|
||||||
out = append(out, c(i))
|
|
||||||
}
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
Loading…
Reference in New Issue
Block a user