cors

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 27, 2025 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	DefaultHeaderBytes = [][]byte{
		[]byte("OPTIONS"),
		[]byte("GET"),
		[]byte("POST"),
	}
	DefaultSchemas = []string{
		"http://",
		"https://",
	}
	DefaultSchemasBytes = [][]byte{
		[]byte("http://"),
		[]byte("https://"),
	}
	ExtensionSchemas = []string{
		"chrome-extension://",
		"safari-extension://",
		"moz-extension://",
		"ms-browser-extension://",
	}
	FileSchemas = []string{
		"file://",
	}
	WebSocketSchemas = []string{
		"ws://",
		"wss://",
	}
)

Functions

func Default 

func Default() app.HandlerFunc

Default returns the location middleware with default configuration.

func NewMiddleware 

func NewMiddleware(config Config) app.HandlerFunc

NewMiddleware returns the location middleware with user-defined custom configuration.

Types

type Config 

type Config struct {
	// AllowOriginFunc is a custom function to validate the origin. It takes the origin
	// as argument and returns true if allowed or false otherwise.
	// AllowOrigins have a higher AllowOrigins have a higher priority than AllowOriginFunc
	// It is recommended to use AllowOriginFunc without setting AllowOrigins.
	AllowOriginFunc func(origin string) bool
	// AllowOrigins is a list of origins a cross-domain request can be executed from.
	// If the special "*" value is present in the list, all origins will be allowed.
	// Default value is []
	AllowOrigins []string `mapstructure:"allow_origins"`
	// AllowMethods is a list of methods the client is allowed to use with
	// cross-domain requests. Default value is simple methods (GET and POST)
	AllowMethods []string `mapstructure:"allow_methods"`
	// AllowHeaders is list of non simple headers the client is allowed to use with
	// cross-domain requests.
	AllowHeaders []string `mapstructure:"allow_headers"`
	// ExposedHeaders indicates which headers are safe to expose to the API of a CORS
	// API specification
	ExposeHeaders []string `mapstructure:"expose_headers"`
	// MaxAge indicates how long (in seconds) the results of a preflight request
	// can be cached
	MaxAge          time.Duration `mapstructure:"max_age"`
	AllowAllOrigins bool          `mapstructure:"allow_all_origins"`
	// AllowCredentials indicates whether the request can include user credentials like
	// cookies, HTTP authentication or client side SSL certificates.
	AllowCredentials bool `mapstructure:"allow_credentials"`
	// Allows to add origins like http://some-domain/*, https://api.* or http://some.*.subdomain.com
	AllowWildcard bool `mapstructure:"allow_wildcard"`
	// Allows usage of popular browser extensions schemas
	AllowBrowserExtensions bool
	// Allows usage of WebSocket protocol
	AllowWebSockets bool
	// Allows usage of file:// schema (dangerous!) use it only when you 100% sure it's needed
	AllowFiles bool
}

Config represents all available options for the middleware.

func DefaultConfig 

func DefaultConfig() Config

DefaultConfig returns a generic default configuration mapped to localhost.

func (*Config) AddAllowHeaders 

func (c *Config) AddAllowHeaders(headers ...string)

AddAllowHeaders is allowed to add custom headers

func (*Config) AddAllowMethods 

func (c *Config) AddAllowMethods(methods ...string)

AddAllowMethods is allowed to add custom methods

func (*Config) AddExposeHeaders 

func (c *Config) AddExposeHeaders(headers ...string)

AddExposeHeaders is allowed to add custom expose headers

func (Config) Validate 

func (c Config) Validate() error

Validate is check configuration of user defined.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.