cors

Documentation

Index

• Variables
• func Default() mist.Middleware
• func New(config Config) mist.Middleware
• type Config
  • func DefaultConfig() Config
  • func (c *Config) AddAllowHeaders(headers ...string)
  • func (c *Config) AddAllowMethods(methods ...string)
  • func (c *Config) AddExposeHeaders(headers ...string)
  • func (c *Config) Validate() error

Variables

var (
	DefaultSchemas = []string{
		"http://",
		"https://",
	}
	ExtensionSchemas = []string{
		"chrome-extension://",
		"safari-extension://",
		"moz-extension://",
		"ms-browser-extension://",
	}
	FileSchemas = []string{
		"file://",
	}
	WebSocketSchemas = []string{
		"ws://",
		"wss://",
	}
)

Predefined schema lists for different types of URIs.

Functions

func Default

func Default() mist.Middleware

Default creates a default middleware with settings that allow all origins. It uses the default configuration and sets AllowAllOrigins to true.

Parameters: - None

Returns: - A mist.Middleware function that applies the default CORS settings.

func New

func New(config Config) mist.Middleware

New creates a new middleware based on the provided configuration. It initializes a cors instance and returns a middleware function that applies CORS settings to incoming requests.

Parameters: - config: The configuration for the CORS settings.

Returns: - A mist.Middleware function that applies the CORS settings based on the provided configuration.

Types

type Config

type Config struct {
	AllowAllOrigins bool

	// AllowOrigins is a list of origins a cross-domain request can be executed from.
	// If the special "*" value is present in the list, all origins will be allowed.
	// Default value is []
	AllowOrigins []string

	// AllowOriginFunc is a custom function to validate the origin. It takes the origin
	// as an argument and returns true if allowed or false otherwise. If this option is
	// set, the content of AllowOrigins is ignored.
	AllowOriginFunc func(origin string) bool

	// Same as AllowOriginFunc except also receives the full request context.
	// This function should use the context as a read only source and not
	// have any side effects on the request, such as aborting or injecting
	// values on the request.
	AllowOriginWithContextFunc func(c *mist.Context, origin string) bool

	// AllowMethods is a list of methods the client is allowed to use with
	// cross-domain requests. Default value is simple methods (GET, POST, PUT, PATCH, DELETE, HEAD, and OPTIONS)
	AllowMethods []string

	// AllowPrivateNetwork indicates whether the response should include allow private network header
	AllowPrivateNetwork bool

	// AllowHeaders is list of non simple headers the client is allowed to use with
	// cross-domain requests.
	AllowHeaders []string

	// AllowCredentials indicates whether the request can include user credentials like
	// cookies, HTTP authentication or client side SSL certificates.
	AllowCredentials bool

	// ExposeHeaders indicates which headers are safe to expose to the API of a CORS
	// API specification
	ExposeHeaders []string

	// MaxAge indicates how long (with second-precision) the results of a preflight request
	// can be cached
	MaxAge time.Duration

	// Allows to add origins like http://some-domain/*, https://api.* or http://some.*.subdomain.com
	AllowWildcard bool

	// Allows usage of popular browser extensions schemas
	AllowBrowserExtensions bool

	// Allows to add custom schema like tauri://
	CustomSchemas []string

	// Allows usage of WebSocket protocol
	AllowWebSockets bool

	// Allows usage of file:// schema (dangerous!) use it only when you 100% sure it's needed
	AllowFiles bool

	// Allows to pass custom OPTIONS response status code for old browsers / clients
	OptionsResponseStatusCode int
}

Config represents all available options for the middleware.

func DefaultConfig

func DefaultConfig() Config

DefaultConfig returns a default CORS configuration with standard allowed methods and headers, no credentials allowed, and a default max age of 12 hours.

Parameters: - None

Returns: - A Config struct with the default settings.

func (*Config) AddAllowHeaders

func (c *Config) AddAllowHeaders(headers ...string)

AddAllowHeaders adds custom headers to the list of allowed headers in the CORS configuration.

Parameters: - headers: A variadic list of strings representing the custom headers to be allowed.

Returns: - None

Usage: config := &Config{} config.AddAllowHeaders("X-Custom-Header")

func (*Config) AddAllowMethods

func (c *Config) AddAllowMethods(methods ...string)

AddAllowMethods adds custom HTTP methods to the list of allowed methods in the CORS configuration.

Parameters: - methods: A variadic list of strings representing the custom HTTP methods to be allowed.

Returns: - None

Usage: config := &Config{} config.AddAllowMethods("CUSTOM-METHOD")

func (*Config) AddExposeHeaders

func (c *Config) AddExposeHeaders(headers ...string)

AddExposeHeaders adds custom headers to the list of headers exposed to the client. Expose headers define which headers can be accessed by the client.

Parameters: - headers: A variadic list of strings representing the custom headers to be exposed.

Returns: - None

Usage: config := &Config{} config.AddExposeHeaders("X-Expose-Header")

func (*Config) Validate

func (c *Config) Validate() error

Validate checks the CORS configuration for any conflicting settings and validates the origins defined. If the configuration is invalid, it returns an error.

Parameters: - None

Returns: - An error if the configuration is invalid, otherwise nil.