cors

package module

v0.0.0-...-e80254a Latest Latest Go to latest Published: Jul 3, 2019 License: MIT Imports: 3 Imported by: 9

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/captncraig/cors

Links

Open Source Insights

README ¶

cors gives you easy control over Cross Origin Resource Sharing for your site.

It allows you to whitelist particular domains per route, or to simply allow all domains * If desired you may customize nearly every aspect of the specification.

Syntax

cors [path] [domains...] {
	origin            [origin]
	origin_regexp     [regexp]
	methods           [methods]
	allow_credentials [allowCredentials]
	max_age           [maxAge]
	allowed_headers   [allowedHeaders]
	exposed_headers   [exposedHeaders]
}

path is the file or directory this applies to (default is /).
domains is a space-seperated list of domains to allow. If ommitted, all domains will be granted access.
origin is a domain to grant access to. May be specified multiple times or ommitted.
origin_regexp is a regexp that will be matched to the Origin header. Access will be granted accordingly. It can be used in conjonction with the origin config (executed as a fallback to origin). May be specified multiple times or ommitted.
methods is set of http methods to allow. Default is these: POST,GET,OPTIONS,PUT,DELETE.
allow_credentials sets the value of the Access-Control-Allow-Credentials header. Can be true or false. By default, header will not be included.
max_age is the length of time in seconds to cache preflight info. Not set by default.
allowed_headers is a comma-seperated list of request headers a client may send.
exposed_headers is a comma-seperated list of response headers a client may access.

Examples

Simply allow all domains to request any path:

cors

Protect specific paths only, and only allow a few domains:

cors /foo http://mysite.com http://anothertrustedsite.com

Full configuration:

cors / {
  origin            http://allowedSite.com
  origin            http://anotherSite.org https://anotherSite.org
  origin_regexp     .+\.example\.com$
  methods           POST,PUT
  allow_credentials false
  max_age           3600
  allowed_headers   X-Custom-Header,X-Foobar
  exposed_headers   X-Something-Special,SomethingElse
}

Documentation ¶

Index ¶

func IsPreflight(r *http.Request) bool
type Config
- func Default() *Config
- func (c *Config) HandleRequest(w http.ResponseWriter, r *http.Request)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func IsPreflight ¶

func IsPreflight(r *http.Request) bool

Types ¶

type Config ¶

type Config struct {
	AllowedOrigins   []string
	OriginRegexps    []*regexp.Regexp
	AllowedMethods   string
	AllowedHeaders   string
	ExposedHeaders   string
	AllowCredentials *bool
	MaxAge           int
}

func Default ¶

func Default() *Config

func (*Config) HandleRequest ¶

func (c *Config) HandleRequest(w http.ResponseWriter, r *http.Request)

Read the request, setting response headers as appropriate. Will NOT write anything to response in any circumstances.

Source Files ¶

View all Source files

cors.go

Directories ¶

Path	Synopsis
caddy

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL