corsx

package
v0.0.615
Warning

This package is not in the latest version of its module.
Published: Feb 21, 2024 | License: Apache-2.0 | Imports: 6 | Imported by: 6

Documentation

Constants

This section is empty.

Variables

var CORSAllowCredentials = true

CORSAllowCredentials is the default value for allow credentials. This is required for cookies to be sent by the browser. We always want this since we are using cookies for authentication most of the time.

var CORSDefaultAllowedMethods = []string{"GET", "POST", "PUT", "PATCH", "DELETE"}

CORSDefaultAllowedMethods is the default list of allowed methods.

var CORSDefaultMaxAge = 5

CORSDefaultMaxAge is the max age for the cache of the preflight request result. The default is 5 seconds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age

var CORSRequestHeadersExtended = []string{"Authorization", "X-CSRF-TOKEN"}

CORSRequestHeadersExtended is the extended list of request headers. These will be concatenated with the safelist.

var CORSRequestHeadersSafelist = []string{"Accept", "Content-Type", "Content-Length", "Accept-Language", "Content-Language"}

CORSRequestHeadersSafelist: we add the safelisted CORS accept headers. See https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_request_header

var CORSResponseHeadersExtended = []string{}

CORSResponseHeadersExtended is the extended list of response headers. These will be concatenated with the safelist.

var CORSResponseHeadersSafelist = []string{"Set-Cookie", "Cache-Control", "Expires", "Last-Modified", "Pragma", "Content-Length", "Content-Language", "Content-Type"}

CORSResponseHeadersSafelist: we add the safelisted CORS expose headers. See https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header

Functions

func CheckOrigin added in v0.0.578

func CheckOrigin(allowedOrigins []string, origin string) bool

CheckOrigin is a function that can be used well with cors.Options.AllowOriginRequestFunc. It checks whether the origin is allowed following the same behavior as github.com/rs/cors.

Recommended usage for hot-reloadable origins:

func (p *Config) cors(ctx context.Context, prefix string) (cors.Options, bool) {
	opts, enabled := p.GetProvider(ctx).CORS(prefix, cors.Options{
		AllowedMethods:   []string{"GET", "POST", "PUT", "PATCH", "DELETE"},
		AllowedHeaders:   []string{"Authorization", "Content-Type", "Cookie"},
		ExposedHeaders:   []string{"Content-Type", "Set-Cookie"},
		AllowCredentials: true,
	})
	opts.AllowOriginRequestFunc = func(r *http.Request, origin string) bool {
		// load the origins from the config on every request to allow hot-reloading
		allowedOrigins := p.GetProvider(r.Context()).Strings(prefix + ".cors.allowed_origins")
		return corsx.CheckOrigin(allowedOrigins, origin)
	}
	return opts, enabled
}
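
With credentials allowed and the origins reloaded from config on every request, as in the usage above, a bad allow-list entry takes effect immediately. The following is an added example, not code from corsx or rs/cors, that lints an allow-list before it is deployed. The helper auditOrigins, its rules (including treating only a single leading "*." wildcard as acceptable) and the sample origins are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// auditOrigins is a hypothetical helper, not part of corsx. It returns one
// finding per allow-list entry that is risky or ineffective when responses
// carry Access-Control-Allow-Credentials: true.
func auditOrigins(allowed []string) []string {
	var findings []string
	for _, raw := range allowed {
		o := strings.ToLower(strings.TrimSpace(raw))
		// "null" is the Origin sent by sandboxed iframes and file: pages.
		if o == "*" || o == "null" {
			findings = append(findings, raw+": matches origins you do not control")
			continue
		}
		scheme, host, ok := strings.Cut(o, "://")
		if !ok {
			findings = append(findings, raw+": no scheme, cannot equal an Origin header")
			continue
		}
		if scheme == "http" {
			findings = append(findings, raw+": plaintext origin trusted with credentials")
		}
		if strings.Contains(host, "*") {
			// Assumed rule: only one leading "*." subdomain wildcard is acceptable.
			if !strings.HasPrefix(host, "*.") || strings.Contains(host[2:], "*") {
				findings = append(findings, raw+": wildcard not confined to a leading subdomain label")
			}
			continue // patterns are not valid URLs, skip the parse check
		}
		if u, err := url.Parse(o); err != nil || u.Host == "" || u.Path != "" || u.RawQuery != "" {
			findings = append(findings, raw+": not a bare scheme://host[:port] origin")
		}
	}
	return findings
}

func main() {
	// Constructed sample allow-list, not from a real deployment.
	for _, f := range auditOrigins([]string{"*", "https://*example.com",
		"https://*.example.com", "http://app.example.com", "https://app.example.com/"}) {
		fmt.Println(f)
	}
}
```

Running such a check where the config is written or loaded catches an over-broad or never-matching entry before it reaches cors.Options.AllowOriginRequestFunc.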

func ContextualizedMiddleware deprecated added in v0.0.431

func ContextualizedMiddleware(provider func(context.Context) (opts cors.Options, enabled bool)) negroni.HandlerFunc

ContextualizedMiddleware is a context-aware CORS middleware. It allows hot-reloading CORS configuration using the HTTP request context.

n := negroni.New()
n.UseFunc(ContextualizedMiddleware(func(context.Context) (opts cors.Options, enabled bool) {
  panic("implement me")
}))
// ...

Deprecated: because this is not really practical to use, you should use CheckOrigin as the cors.Options.AllowOriginRequestFunc instead.

func HelpMessage

func HelpMessage() string

HelpMessage returns a string containing information on setting up this CORS middleware.

func NormalizeOriginStrings added in v0.0.394

func NormalizeOriginStrings(origins []string) ([]string, error)

NormalizeOriginStrings normalizes the CORS origins from their string representation.

func NormalizeOrigins added in v0.0.394

func NormalizeOrigins(origins []url.URL) []string

NormalizeOrigins normalizes the CORS origins.

Types

This section is empty.
