This repository has been archived by the owner on Dec 23, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathmiddleware_cors.go
91 lines (72 loc) · 2.64 KB
/
middleware_cors.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
package rye
import (
"net/http"
)
const (
// CORS Specific constants
DEFAULT_CORS_ALLOW_ORIGIN = "*"
DEFAULT_CORS_ALLOW_METHODS = "POST, GET, OPTIONS, PUT, DELETE"
DEFAULT_CORS_ALLOW_HEADERS = "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Access-Token"
)
type cors struct {
CORSAllowOrigin string
CORSAllowMethods string
CORSAllowHeaders string
}
// MiddlewareCORS is the struct to represent configuration of the CORS handler.
func MiddlewareCORS() func(rw http.ResponseWriter, req *http.Request) *Response {
c := &cors{
CORSAllowOrigin: DEFAULT_CORS_ALLOW_ORIGIN,
CORSAllowMethods: DEFAULT_CORS_ALLOW_METHODS,
CORSAllowHeaders: DEFAULT_CORS_ALLOW_HEADERS,
}
return c.handle
}
/*
NewMiddlewareCORS creates a new handler to support CORS functionality. You can use this middleware by specifying `rye.MiddlewareCORS()` or `rye.NewMiddlewareCORS(origin, methods, headers)`
when defining your routes.
Default CORS Values:
DEFAULT_CORS_ALLOW_ORIGIN**: "*"
DEFAULT_CORS_ALLOW_METHODS**: "POST, GET, OPTIONS, PUT, DELETE"
DEFAULT_CORS_ALLOW_HEADERS**: "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Access-Token"
If you are planning to use this in production - you should probably use this middleware *with* params.
Example use case:
routes.Handle("/some/route", a.Dependencies.MWHandler.Handle(
[]rye.Handler{
rye.MiddlewareCORS(), // use defaults for allowed origin, headers, methods
yourHandler,
})).Methods("PUT", "OPTIONS")
OR:
routes.Handle("/some/route", a.Dependencies.MWHandler.Handle(
[]rye.Handler{
rye.NewMiddlewareCORS("*", "POST, GET", "SomeHeader, AnotherHeader"),
yourHandler,
})).Methods("PUT", "OPTIONS")
*/
func NewMiddlewareCORS(origin, methods, headers string) func(rw http.ResponseWriter, req *http.Request) *Response {
c := &cors{
CORSAllowOrigin: origin,
CORSAllowMethods: methods,
CORSAllowHeaders: headers,
}
return c.handle
}
// If `Origin` header gets passed, add required response headers for CORS support.
// Return bool if `Origin` header was detected.
func (c *cors) handle(rw http.ResponseWriter, req *http.Request) *Response {
origin := req.Header.Get("Origin")
// Origin header not provided, nothing for CORS to do
if origin == "" {
return nil
}
rw.Header().Set("Access-Control-Allow-Origin", c.CORSAllowOrigin)
rw.Header().Set("Access-Control-Allow-Methods", c.CORSAllowMethods)
rw.Header().Set("Access-Control-Allow-Headers", c.CORSAllowHeaders)
// If this was a preflight request, stop further middleware execution
if req.Method == "OPTIONS" {
return &Response{
StopExecution: true,
}
}
return nil
}