Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Cors ¶
Cors is the verto plugin that handles CORS requests based on a given configuration.
Example usage:
cors := NewCors().Configure(&CorsOptions{ AllowedOrigins: []string{"*"}, AllowedHeadersFn: func(h []string) bool { // This is functionally equivalent // to AllowHeaders: []string{"*"} return true }, AllowedMethods: []string{"GET", "POST"} })
func New ¶
func New() *Cors
NewCors returns a new Cors plugin instance that is unconfigured. It is best practice to call either the Configure or Default functions immediately on the newly instantiated plugin instance
func (*Cors) Configure ¶
Configure configures the Cors plugin according to the passed in options. Each consecutive call to Configure will first create a fresh instance of a cors plugin before configuring the plugin. As such, it is generally recommended to only call the Configure function once immediately after instantiating a new Cors plugin and to not mix the call with a call to Default.
Example:
cors := NewCors().Configure(&CorsOptions{ ... })
func (*Cors) Default ¶
Default configures a Cors instance to use sensible default options. Each consective call to Default will instantiate a fresh Cors plugin instance. As such, it is generally recommended to only call Default once after instantiating a new Cors plugin instance and to not mix the call with a call to Configure.
Example:
cors := NewCors().Default()
type Options ¶
type Options struct { // AllowedOrigins designates a series of origins // as allowable for the 'Origin' header of incoming // requests. AllowedOrigins recognizes the wildcard // designation '*'. If AllowedOriginsFn is included, // it takes precedence over AllowedOrigins. AllowedOrigins []string // AllowedOriginsFn is a function that takes in an // origin and returns if it is allowable. If this // function is non-nil, it takes precedence over AllowedOrigins AllowedOriginsFn func(string) bool // ExposedHeaders designates a series of headers for the server // to expose in the 'Access-Control-Expose-Headers' header ExposedHeaders []string // AllowedHeaders designates a series of headers as allowable // for the 'Access-Control-Requested-Headers' header of incoming // requests. AllowedHeaders recognizes the wildcard designation '*'. // If AllowedHeadersFn is included, it takes precedence over AllowedHeaders AllowedHeaders []string // AllowedHeadersFn is a function that takes in a series of headers and // returns if they are allowable. If this function is non-nil, it takes // precedence over AllowedHeaders AllowedHeadersFn func([]string) bool // AllowedMethods designates a series of methods as allowable, either // per the request method for direct requests or per the 'Access-Control-Request-Method' // header on preflight requests. AllowedMethods recognizes the wildcard designation '*'. AllowedMethods []string // MaxAge is an optional field that designates the duration in seconds of // the 'Access-Control-Max-Age' header for preflight requests. If included, // MaxAge must be at least 1 second in duration MaxAge time.Duration // AllowCredentials is an optional field that sets the 'Access-Control-Allow-Credentials' header AllowCredentials bool }
Options is a struct containing Cors plugin configuration options. MaxAge, if included, must be at least 1 second long. AllowedOrigins, AllowedHeaders, and AllowedMethods all support the wildcard designation '*'. If a wildcard is included, it should be the only string in the slice as it renders all other strings meaningless.
Note: It is good security practice to explicitly define allowed origins, methods and headers instead of relying on a wildcard.