Documentation ¶
Overview ¶
Package cors is a handler for the core (https://godoc.org/github.com/volatile/core). It provides Cross-Origin Resource Sharing support.
Usage ¶
When using CORS (globally or locally), there is always a parameter of type OriginsMap. It can contain a map of allowed origins and their specific options.
Use nil to allow all headers, methods and origins:
cors.Use(nil)
Use nil for origin to allow all headers and methods for this origin.
cors.Use(&cors.OriginsMap{ "example.com": nil, })
Use AllOrigins to set options for all origins.
cors.Use(&cors.OriginsMap{ "example.com": nil, // All is allowed for this origin. cors.AllOrigins: &cors.Options{ AllowedMethods: []string{"GET"}, // Only the GET method is allowed for the others. }, })
Global usage ¶
Use sets a global CORS configuration for all the handlers downstream:
cors.Use(nil) // All is allowed for the root path. core.Use(func(c *core.Context) { if c.Request.URL.Path == "/" { fmt.Fprint(c.ResponseWriter, "Hello, World!") } else { c.Next() } }) // Previous CORS options are overwritten. cors.Use(&cors.OriginsMap{ cors.AllOrigins: &cors.Options{ AllowedMethods: []string{"GET"}, }, }) // Only the GET method is allowed for this handler. core.Use(func(c *core.Context) { fmt.Fprint(c.ResponseWriter, "Read only") })
Make sure to include the handler above any other handler that alter the response body.
Local usage ¶
LocalUse sets CORS locally, inside a single handler. This setting takes precedence over he global CORS options (if set).
core.Use(func(c *core.Context) { cors.LocalUse(c, &cors.OriginsMap{ cors.AllOrigins: &cors.Options{AllowedMethods: []string{"GET"}}, }, func() { response.Status(c, http.StatusOK) }) })
Documentation ¶
For more information:
W3C http://www.w3.org/TR/cors/ Mozilla https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS HTML5 Rocks http://www.html5rocks.com/en/tutorials/cors/
Index ¶
Constants ¶
const AllOrigins = "*"
AllOrigins is the wildcard.
Variables ¶
This section is empty.
Functions ¶
func LocalUse ¶
func LocalUse(c *core.Context, origins *OriginsMap, handler func())
LocalUse sets CORS locally, inside a single handler. This setting takes precedence over he global CORS options (if set).
func Use ¶
func Use(origins *OriginsMap)
Use adds a handler to the default handlers stack. It sets a global CORS configuration for all the handlers downstream.
Types ¶
type Options ¶
type Options struct { AllowedHeaders []string // AllowedHeaders indicates, in the case of a preflight request, which headers can be used during the actual request. If none are set, all are allowed. AllowedMethods []string // AllowedMethods indicates, in the case of a preflight request, which methods can be used during the actual request. If none are set, all are allowed. CredentialsAllowed bool // CredentialsAllowed indicates whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates. ExposedHeaders []string // ExposedHeaders whitelists headers that browsers are allowed to access. MaxAge time.Duration // MaxAge indicates how long the results of a preflight request can be cached. }
Options represents access control options for an origin.
type OriginsMap ¶
OriginsMap represents the allowed origins with their respective options.