README
¶
CORS Middleware
CORS (Cross Origin Resource Sharing) is a technique that allows a microservice in combination with a client to control the way a microservice can be called. For this, the microservice provides information from which websites calls to the microservice can be sent. The client on the other side checks this information and prevents websites from calling the microservice, that are not allowed to do so. A more in depth description can be found here
This middleware intercepts the OPTIONS method to provide the CORS information
to clients. It gets a list of allowed methods and headers and will prevent
requests to pass through, that do not fulfill the requirements.
Example
finalHandler := midgard.StackMiddlewareHandler(
[]midgard.Middleware{
util.Must(cors.New(
cors.WithHeaders(cors.MinimumAllowHeaders()),
cors.WithMethods([]string{http.MethodGet}),
cors.WithOrigins([]string{"*"}))),
},
http.HandlerFunc(HelloHandler),
)
If no headers are specified, all headers are allowed. A minimal set of headers
is provided via cors.MinimumAllowHeaders.
Similar, if no methods are specified, all methods are allowed.
If at least one of the allowed origins is * or nothing is specified, the
allowed origins are set to just contain *.
Thus, a CORS middleware that is not parametrized, will allow all requests to
pass and not filter anything. It just intercepts the OPTIONS method.
Documentation
¶
Index ¶
- func MinimumAllowHeaders() []string
- func New(options ...func(handler *Handler) error) (defs.Middleware, error)
- func WithHeaders(headers []string) func(handler *Handler) error
- func WithLogLevel(level slog.Level) func(h *Handler) error
- func WithLogger(log *slog.Logger) func(h *Handler) error
- func WithMethods(methods []string) func(handler *Handler) error
- func WithOrigins(origins []string) func(handler *Handler) error
- type Handler
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func MinimumAllowHeaders ¶
func MinimumAllowHeaders() []string
MinimumAllowHeaders returns a minimal list of headers, that should not do harm. It can be used to limit the allowed headers to a reasonable small set.
func New ¶
func New(options ...func(handler *Handler) error) (defs.Middleware, error)
New sets up the cross site scripting circumvention disable headers. If no methods are specified, all methods are allowed. If no headers are specified, all headers are allowed. If origin contains "*" or is empty, the allowed origins are set to *.
func WithHeaders ¶
WithHeaders sets the allowed headers. If later a request contains headers that are not contained in this list, it will be denied the service.
func WithLogLevel ¶
WithLogLevel configures the log level to use with the logger.
func WithLogger ¶
WithLogger configures the logger to use.
func WithMethods ¶
WithMethods sets the allowed methods. If later a request uses a method that are not contained in this list, it will be denied the service.
func WithOrigins ¶
WithOrigins sets the allowed origins. If later a comes from and origin that are not contained in this list, it will be denied the service. A special origin is "*", that is the wildcard for "all" origins.
Types ¶
type Handler ¶
type Handler struct {
defs.MWBase
// Headers contains the allowed headers
Headers map[string]bool
// HeadersReturn contains the comma-concatenated allowed headers
// as returned in the allow-header header
HeadersReturn string
// Methods contains the allowed methods specific for CSS for the given handler.
Methods map[string]bool
// MethodsReturn contains the comma-concatenated allowed methods
// as returned in the allow-methods header
MethodsReturn string
// Origins contains the allowed origins
Origins []string
}
Handler is a middleware that sets up the cross site scripting circumvention headers.
Source Files