Documentation
¶
Index ¶
- Variables
- func CheckOrigin(allowedOrigins []string, origin string) bool
- func ContextualizedMiddleware(provider func(context.Context) (opts cors.Options, enabled bool)) negroni.HandlerFuncdeprecated
- func HelpMessage() string
- func NormalizeOriginStrings(origins []string) ([]string, error)
- func NormalizeOrigins(origins []url.URL) []string
Constants ¶
This section is empty.
Variables ¶
var CORSAllowCredentials = true
CORSAllowCredentials default value for allow credentials this is required for cookies to be sent by the browser we always want this since we are using cookies for authentication most of the time
var CORSDefaultAllowedMethods = []string{"GET", "POST", "PUT", "PATCH", "DELETE"}
CORSDefaultAllowedMethods Default allowed methods
var CORSDefaultMaxAge = 5
CORSDefaultMaxAge max age for cache of preflight request result default is 5 seconds https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
var CORSRequestHeadersExtended = []string{"Authorization", "X-CSRF-TOKEN"}
CORSRequestHeadersExtended Extended list of request headers these will be concatenated with the safelist
var CORSRequestHeadersSafelist = []string{"Accept", "Content-Type", "Content-Length", "Accept-Language", "Content-Language"}
CORSRequestHeadersSafelist We add the safe list cors accept headers https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_request_header
var CORSResponseHeadersExtended = []string{}
CORSResponseHeadersExtended Extended list of response headers these will be concatenated with the safelist
var CORSResponseHeadersSafelist = []string{"Set-Cookie", "Cache-Control", "Expires", "Last-Modified", "Pragma", "Content-Length", "Content-Language", "Content-Type"}
CORSResponseHeadersSafelist We add the safe list cors expose headers https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header
Functions ¶
func CheckOrigin ¶ added in v0.0.578
CheckOrigin is a function that can be used well with cors.Options.AllowOriginRequestFunc. It checks whether the origin is allowed following the same behavior as github.com/rs/cors.
Recommended usage for hot-reloadable origins:
func (p *Config) cors(ctx context.Context, prefix string) (cors.Options, bool) {
opts, enabled := p.GetProvider(ctx).CORS(prefix, cors.Options{
AllowedMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE"},
AllowedHeaders: []string{"Authorization", "Content-Type", "Cookie"},
ExposedHeaders: []string{"Content-Type", "Set-Cookie"},
AllowCredentials: true,
})
opts.AllowOriginRequestFunc = func(r *http.Request, origin string) bool {
// load the origins from the config on every request to allow hot-reloading
allowedOrigins := p.GetProvider(r.Context()).Strings(prefix + ".cors.allowed_origins")
return corsx.CheckOrigin(allowedOrigins, origin)
}
return opts, enabled
}
func ContextualizedMiddleware
deprecated
added in
v0.0.431
func ContextualizedMiddleware(provider func(context.Context) (opts cors.Options, enabled bool)) negroni.HandlerFunc
ContextualizedMiddleware is a context-aware CORS middleware. It allows hot-reloading CORS configuration using the HTTP request context.
n := negroni.New()
n.UseFunc(ContextualizedMiddleware(func(context.Context) (opts cors.Options, enabled bool) {
panic("implement me")
})
// ...
Deprecated: because this is not really practical to use, you should use CheckOrigin as the cors.Options.AllowOriginRequestFunc instead.
func HelpMessage ¶
func HelpMessage() string
HelpMessage returns a string containing information on setting up this CORS middleware.
func NormalizeOriginStrings ¶ added in v0.0.394
NormalizeOriginStrings normalizes the CORS origins from string representation
func NormalizeOrigins ¶ added in v0.0.394
NormalizeOrigins normalizes the CORS origins.
Types ¶
This section is empty.
Source Files