package cors
import "github.com/rs/cors"
Package cors is net/http handler to handle CORS related requests as defined by http://www.w3.org/TR/cors/
You can configure it by passing an option struct to cors.New:
c := cors.New(cors.Options{
AllowedOrigins: []string{"foo.com"},
AllowedMethods: []string{http.MethodGet, http.MethodPost, http.MethodDelete},
AllowCredentials: true,
})
Then insert the handler in the chain:
handler = c.Handler(handler)
See Options documentation for more options.
The resulting handler is a standard net/http handler.
Index ¶
- type Cors
- func AllowAll() *Cors
- func Default() *Cors
- func New(options Options) *Cors
- func (c *Cors) Handler(h http.Handler) http.Handler
- func (c *Cors) HandlerFunc(w http.ResponseWriter, r *http.Request)
- func (c *Cors) OriginAllowed(r *http.Request) bool
- func (c *Cors) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
- type Logger
- type Options
Types ¶
type Cors ¶
type Cors struct {
// Debug logger
Log Logger
// contains filtered or unexported fields
}
Cors http handler
func AllowAll ¶
func AllowAll() *Cors
AllowAll create a new Cors handler with permissive configuration allowing all origins with all standard methods with any header and credentials.
func Default ¶
func Default() *Cors
Default creates a new Cors handler with default options.
func New ¶
New creates a new Cors handler with the provided options.
func (*Cors) Handler ¶
Handler apply the CORS specification on the request, and add relevant CORS headers as necessary.
func (*Cors) HandlerFunc ¶
func (c *Cors) HandlerFunc(w http.ResponseWriter, r *http.Request)
HandlerFunc provides Martini compatible handler
func (*Cors) OriginAllowed ¶
check the Origin of a request. No origin at all is also allowed.
func (*Cors) ServeHTTP ¶
func (c *Cors) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
Negroni compatible interface
type Logger ¶
type Logger interface {
Printf(string, ...interface{})
}
Logger generic interface for logger
type Options ¶
type Options struct {
// AllowedOrigins is a list of origins a cross-domain request can be executed from.
// If the special "*" value is present in the list, all origins will be allowed.
// An origin may contain a wildcard (*) to replace 0 or more characters
// (i.e.: http://*.domain.com). Usage of wildcards implies a small performance penalty.
// Only one wildcard can be used per origin.
// Default value is ["*"]
AllowedOrigins []string
// AllowOriginFunc is a custom function to validate the origin. It take the
// origin as argument and returns true if allowed or false otherwise. If
// this option is set, the content of `AllowedOrigins` is ignored.
AllowOriginFunc func(origin string) bool
// AllowOriginRequestFunc is a custom function to validate the origin. It
// takes the HTTP Request object and the origin as argument and returns true
// if allowed or false otherwise. If headers are used take the decision,
// consider using AllowOriginVaryRequestFunc instead. If this option is set,
// the contents of `AllowedOrigins`, `AllowOriginFunc` are ignored.
//
// Deprecated: use `AllowOriginVaryRequestFunc` instead.
AllowOriginRequestFunc func(r *http.Request, origin string) bool
// AllowOriginVaryRequestFunc is a custom function to validate the origin.
// It takes the HTTP Request object and the origin as argument and returns
// true if allowed or false otherwise with a list of headers used to take
// that decision if any so they can be added to the Vary header. If this
// option is set, the contents of `AllowedOrigins`, `AllowOriginFunc` and
// `AllowOriginRequestFunc` are ignored.
AllowOriginVaryRequestFunc func(r *http.Request, origin string) (bool, []string)
// AllowedMethods is a list of methods the client is allowed to use with
// cross-domain requests. Default value is simple methods (HEAD, GET and POST).
AllowedMethods []string
// AllowedHeaders is list of non simple headers the client is allowed to use with
// cross-domain requests.
// If the special "*" value is present in the list, all headers will be allowed.
// Default value is [].
AllowedHeaders []string
// ExposedHeaders indicates which headers are safe to expose to the API of a CORS
// API specification
ExposedHeaders []string
// MaxAge indicates how long (in seconds) the results of a preflight request
// can be cached. Default value is 0, which stands for no
// Access-Control-Max-Age header to be sent back, resulting in browsers
// using their default value (5s by spec). If you need to force a 0 max-age,
// set `MaxAge` to a negative value (ie: -1).
MaxAge int
// AllowCredentials indicates whether the request can include user credentials like
// cookies, HTTP authentication or client side SSL certificates.
AllowCredentials bool
// AllowPrivateNetwork indicates whether to accept cross-origin requests over a
// private network.
AllowPrivateNetwork bool
// OptionsPassthrough instructs preflight to let other potential next handlers to
// process the OPTIONS method. Turn this on if your application handles OPTIONS.
OptionsPassthrough bool
// Provides a status code to use for successful OPTIONS requests.
// Default value is http.StatusNoContent (204).
OptionsSuccessStatus int
// Debugging flag adds additional output to debug server side CORS issues
Debug bool
// Adds a custom logger, implies Debug is true
Logger Logger
}
Options is a configuration container to setup the CORS middleware.
Source Files ¶
Directories ¶
| Path | Synopsis |
|---|---|
| internal | adapted from github.com/jub0bs/cors |
- Version
- v1.11.1 (latest)
- Published
- Aug 29, 2024
- Platform
- windows/amd64
- Imports
- 6 packages
- Last checked
- now –
Tools for package owners.