cors

package

v0.1.4 Latest Latest Go to latest Published: May 28, 2017 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cssivision/looli

Links

Open Source Insights

README ¶

cors

a cors middleware for looli.

Usage

package main

import (
	"github.com/cssivision/looli"
	"github.com/cssivision/looli/cors"
	"net/http"
)

func main() {
	router := looli.Default()

	// Default return cors middleware with default options being all origins accepted, 
	// AllowMethods default is []string{"GET", "HEAD", "PUT", "POST", "DELETE", "PATCH"}.
	router.Use(cors.Default())

	router.Get("/a", func(ctx *looli.Context) {
		ctx.String("cors response!\n")
	})

	http.ListenAndServe(":8080", router)
}

The server now runs on localhost:8080:

curl -D - -H 'Origin: http://looli.xyz' http://localhost:8080/a

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://looli.xyz
Content-Type: text/plain; charset=utf-8
Vary: Origin
Date: Thu, 16 Mar 2017 03:34:11 GMT
Content-Length: 15

cors response!

Parameters

Parameters are passed to the middleware the cors.New method as follow:

corsMiddleware := cors.New(cors.Options{
    AllowedOrigins: []string{"*"},
    AllowCredentials: true,
})

AllowOrigins []string: a list of origins a cross-domain request can be executed from, If the special "*" value is present in the list, all origins will be allowed.
AllowOriginsFunc func(string) bool: a custom function to validate the origin. It take the origin as argument and returns true if allowed or false otherwise. If this option is set, the content of AllowedOrigins is ignored.
AllowMethods []string: specifies the method or methods allowed when accessing the resource. This is used in response to a preflight request, default is []string{"GET", "HEAD", "PUT", "POST", "DELETE", "PATCH"}.
AllowHeaders []string: header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.
AllowCredentials bool: The Access-Control-Allow-Credentials header Indicates whether or not the response to the request can be exposed when the credentials flag is true. When used as part of a response to a preflight request, this indicates whether or not the actual request can be made using credentials. Note that simple GET requests are not preflighted, and so if a request is made for a resource with credentials, if this header is not returned with the resource, the response is ignored by the browser and not returned to web content.
ExposeHeaders []string: ExposeHeaders header lets a server whitelist headers that browsers are allowed to access. For example: Access-Control-Expose-Headers: "X-My-Custom-Header, X-Another-Custom-Header" This allows the X-My-Custom-Header and X-Another-Custom-Header headers to be exposed to the browser.
MaxAge time.Duration: MaxAge indicates how long the results of a preflight request can be cached.

Licenses

All source code is licensed under the MIT License.

Documentation ¶

Index ¶

func Default() looli.HandlerFunc
func New(option Options) looli.HandlerFunc
type Options

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Default ¶

func Default() looli.HandlerFunc

Default return cors middleware with default options being all origins accepted, AllowMethods default is []string{"GET", "HEAD", "PUT", "POST", "DELETE", "PATCH"}.

func New ¶

func New(option Options) looli.HandlerFunc

Types ¶

type Options ¶

type Options struct {
	// AllowedOrigins is a list of origins a cross-domain request can be executed from
	// If the special "*" value is present in the list, all origins will be allowed.
	AllowOrigins []string

	// AllowOriginFunc is a custom function to validate the origin. It take the origin
	// as argument and returns true if allowed or false otherwise. If this option is
	// set, the content of AllowedOrigins is ignored.
	AllowOriginsFunc func(string) bool

	// specifies the method or methods allowed when accessing the resource. This is used in response
	// to a preflight request, default is []string{"GET", "HEAD", "PUT", "POST", "DELETE", "PATCH"}.
	AllowMethods []string

	// header is used in response to a preflight request to indicate which HTTP headers can be used when
	// making the actual request
	AllowHeaders []string

	// The Access-Control-Allow-Credentials header Indicates whether or not the response to the request
	// can be exposed when the credentials flag is true.  When used as part of a response to a preflight
	// request, this indicates whether or not the actual request can be made using credentials. Note that
	// simple GET requests are not preflighted, and so if a request is made for a resource with credentials,
	// if this header is not returned with the resource, the response is ignored by the browser and not
	// returned to web content.
	AllowCredentials bool

	// ExposeHeaders header lets a server whitelist headers that browsers are allowed to access.
	// For example: Access-Control-Expose-Headers: "X-My-Custom-Header, X-Another-Custom-Header"
	// This allows the X-My-Custom-Header and X-Another-Custom-Header headers to be exposed to the browser.
	ExposeHeaders []string

	// MaxAge indicates how long the results of a preflight request can be cached.
	MaxAge time.Duration
}

Source Files ¶

View all Source files

cors.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL