cors

package
v3.0.0-rc.2+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 20, 2016 License: Apache-2.0 Imports: 6 Imported by: 0

README

Middleware information

This is a fork of the CORS middleware from here

Description

It does some security work for you between the requests, a brief view on what you can set:

  • AllowedOrigins []string

  • AllowOriginFunc func(origin string) bool

  • AllowedMethods []string

  • AllowedHeadersAll bool

  • ExposedHeaders []string

  • AllowCredentials bool

  • MaxAge int

  • OptionsPassthrough bool

Options


    // AllowedOrigins is a list of origins a cross-domain request can be executed from.
	// If the special "*" value is present in the list, all origins will be allowed.
	// An origin may contain a wildcard (*) to replace 0 or more characters
	// (i.e.: http://*.domain.com). Usage of wildcards implies a small performance penality.
	// Only one wildcard can be used per origin.
	// Default value is ["*"]
	AllowedOrigins []string
	// AllowOriginFunc is a custom function to validate the origin. It take the origin
	// as argument and returns true if allowed or false otherwise. If this option is
	// set, the content of AllowedOrigins is ignored.
	AllowOriginFunc func(origin string) bool
	// AllowedMethods is a list of methods the client is allowed to use with
	// cross-domain requests. Default value is simple methods (GET and POST)
	AllowedMethods []string
	// AllowedHeaders is list of non simple headers the client is allowed to use with
	// cross-domain requests.
	// If the special "*" value is present in the list, all headers will be allowed.
	// Default value is [] but "Origin" is always appended to the list.
	AllowedHeaders []string

	AllowedHeadersAll bool

	// ExposedHeaders indicates which headers are safe to expose to the API of a CORS
	// API specification
	ExposedHeaders []string
	// AllowCredentials indicates whether the request can include user credentials like
	// cookies, HTTP authentication or client side SSL certificates.
	AllowCredentials bool
	// MaxAge indicates how long (in seconds) the results of a preflight request
	// can be cached
	MaxAge int
	// OptionsPassthrough instructs preflight to let other potential next handlers to
	// process the OPTIONS method. Turn this on if your application handles OPTIONS.
	OptionsPassthrough bool
	// Debugging flag adds additional output to debug server side CORS issues
	Debug bool

How to use


package main

import (
	"github.com/kataras/iris"
	"github.com/kataras/iris/middleware/cors"
)

func main() {

	//crs := cors.New(cors.Options{})

	iris.Use(cors.Default()) // crs

	iris.Get("/home", func(c *iris.Context) {
		c.Write("Hello from /home")
	})

	println("Server is running at :8080")
	iris.Listen(":8080")

}

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Cors 

type Cors struct {
	// Debug logger
	Log *log.Logger
	// contains filtered or unexported fields
}

Cors http handler

func Default 

func Default() *Cors

Default creates a new Cors handler with default options

func DefaultCors 

func DefaultCors() *Cors

DefaultCors creates a new Cors handler with default options

func New 

func New(options Options) *Cors

New creates a new Cors handler with the provided options.

func (*Cors) Conflicts 

func (c *Cors) Conflicts() string

Conflicts used by the router optimizer

func (*Cors) Serve 

func (c *Cors) Serve(ctx *iris.Context)

Serve serves the middleware

type Options 

type Options struct {
	// AllowedOrigins is a list of origins a cross-domain request can be executed from.
	// If the special "*" value is present in the list, all origins will be allowed.
	// An origin may contain a wildcard (*) to replace 0 or more characters
	// (i.e.: http://*.domain.com). Usage of wildcards implies a small performance penality.
	// Only one wildcard can be used per origin.
	// Default value is ["*"]
	AllowedOrigins []string
	// AllowOriginFunc is a custom function to validate the origin. It take the origin
	// as argument and returns true if allowed or false otherwise. If this option is
	// set, the content of AllowedOrigins is ignored.
	AllowOriginFunc func(origin string) bool
	// AllowedMethods is a list of methods the client is allowed to use with
	// cross-domain requests. Default value is simple methods (GET and POST)
	AllowedMethods []string
	// AllowedHeaders is list of non simple headers the client is allowed to use with
	// cross-domain requests.
	// If the special "*" value is present in the list, all headers will be allowed.
	// Default value is [] but "Origin" is always appended to the list.
	AllowedHeaders []string
	// ExposedHeaders indicates which headers are safe to expose to the API of a CORS
	// API specification
	ExposedHeaders []string
	// AllowCredentials indicates whether the request can include user credentials like
	// cookies, HTTP authentication or client side SSL certificates.
	AllowCredentials bool
	// MaxAge indicates how long (in seconds) the results of a preflight request
	// can be cached
	MaxAge int
	// OptionsPassthrough instructs preflight to let other potential next handlers to
	// process the OPTIONS method. Turn this on if your application handles OPTIONS.
	OptionsPassthrough bool
	// Debugging flag adds additional output to debug server side CORS issues
	Debug bool
}

Options is a configuration container to setup the CORS middleware.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.