.travis.yml

@@ -5,7 +5,6 @@ go:
   - 1.6.x
   - 1.7.x
   - 1.8.x
-  - 1.9.x
   - tip
 
 script:

README.md

@@ -15,13 +15,13 @@ Gin middleware/handler to enable CORS support.
 Download and install it:
 
 ```sh
-$ go get github.com/gin-contrib/cors
+$ go get gopkg.in/gin-contrib/cors.v1
 ```
 
 Import it in your code:
 
 ```go
-import "github.com/gin-contrib/cors"
+import "gopkg.in/gin-contrib/cors.v1"
 ```
 
 ### Canonical example:
@@ -32,7 +32,7 @@ package main
 import (
 	"time"
 
-	"github.com/gin-contrib/cors"
+	"gopkg.in/gin-contrib/cors.v1"
 	"github.com/gin-gonic/gin"
 )
 

cors.go

@@ -14,7 +14,7 @@ type Config struct {
 
 	// AllowedOrigins is a list of origins a cross-domain request can be executed from.
 	// If the special "*" value is present in the list, all origins will be allowed.
-	// Default value is []
+	// Default value is ["*"]
 	AllowOrigins []string
 
 	// AllowOriginFunc is a custom function to validate the origin. It take the origin
@@ -28,6 +28,8 @@ type Config struct {
 
 	// AllowedHeaders is list of non simple headers the client is allowed to use with
 	// cross-domain requests.
+	// If the special "*" value is present in the list, all headers will be allowed.
+	// Default value is [] but "Origin" is always appended to the list.
 	AllowHeaders []string
 
 	// AllowCredentials indicates whether the request can include user credentials like
@@ -67,8 +69,8 @@ func (c Config) Validate() error {
 		return errors.New("conflict settings: all origins disabled")
 	}
 	for _, origin := range c.AllowOrigins {
-		if origin != "*" && !strings.HasPrefix(origin, "http://") && !strings.HasPrefix(origin, "https://") {
+		if !strings.HasPrefix(origin, "http://") && !strings.HasPrefix(origin, "https://") {
-			return errors.New("bad origin: origins must either be '*' or include http:// or https://")
+			return errors.New("bad origin: origins must include http:// or https://")
 		}
 	}
 	return nil