cors

package module
v2.0.0-...-aede925 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 18, 2020 License: MIT Imports: 3 Imported by: 0

README

cors gives you easy control over Cross Origin Resource Sharing for your site.

It allows you to whitelist particular domains per route, or to simply allow all domains * If desired you may customize nearly every aspect of the specification.

Syntax

cors [path] [domains...] {
	origin            [origin]
	origin_regexp     [regexp]
	methods           [methods]
	allow_credentials [allowCredentials]
	max_age           [maxAge]
	allowed_headers   [allowedHeaders]
	exposed_headers   [exposedHeaders]
}
  • path is the file or directory this applies to (default is /).
  • domains is a space-seperated list of domains to allow. If ommitted, all domains will be granted access.
  • origin is a domain to grant access to. May be specified multiple times or ommitted.
  • origin_regexp is a regexp that will be matched to the Origin header. Access will be granted accordingly. It can be used in conjonction with the origin config (executed as a fallback to origin). May be specified multiple times or ommitted.
  • methods is set of http methods to allow. Default is these: POST,GET,OPTIONS,PUT,DELETE.
  • allow_credentials sets the value of the Access-Control-Allow-Credentials header. Can be true or false. By default, header will not be included.
  • max_age is the length of time in seconds to cache preflight info. Not set by default.
  • allowed_headers is a comma-seperated list of request headers a client may send.
  • exposed_headers is a comma-seperated list of response headers a client may access.

Examples

Simply allow all domains to request any path:

cors

Protect specific paths only, and only allow a few domains:

cors /foo http://mysite.com http://anothertrustedsite.com

Full configuration:

cors / {
  origin            http://allowedSite.com
  origin            http://anotherSite.org https://anotherSite.org
  origin_regexp     .+\.example\.com$
  methods           POST,PUT
  allow_credentials false
  max_age           3600
  allowed_headers   X-Custom-Header,X-Foobar
  exposed_headers   X-Something-Special,SomethingElse
}

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsPreflight

func IsPreflight(r *http.Request) bool

IsPreflight will check if this is an options request

Types

type Config

type Config struct {
	AllowedOrigins   []string
	OriginRegexps    []*regexp.Regexp
	AllowedMethods   string
	AllowedHeaders   string
	ExposedHeaders   string
	AllowCredentials *bool
	MaxAge           int
}

Config stores the intended behaviour

func Default

func Default() *Config

Default configuration

func (*Config) HandleRequest

func (c *Config) HandleRequest(w http.ResponseWriter, r *http.Request)

HandleRequest - Read the request, setting response headers as appropriate. Will NOT write anything to response in any circumstances.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL