From ad77842e3e513279a62401bb31fe5e0f4291ead5 Mon Sep 17 00:00:00 2001 From: Jurica Kovacevic Date: Thu, 26 Oct 2023 12:17:27 +0200 Subject: [PATCH] feat: adds support for private network header --- cors.go | 3 +++ cors_test.go | 9 +++++++++ utils.go | 5 +++++ 3 files changed, 17 insertions(+) diff --git a/cors.go b/cors.go index 4113437..6c49c84 100644 --- a/cors.go +++ b/cors.go @@ -26,6 +26,9 @@ type Config struct { // cross-domain requests. Default value is simple methods (GET, POST, PUT, PATCH, DELETE, HEAD, and OPTIONS) AllowMethods []string + // AllowPrivateNetwork indicates whether the response should include allow private network header + AllowPrivateNetwork bool + // AllowHeaders is list of non simple headers the client is allowed to use with // cross-domain requests. AllowHeaders []string diff --git a/cors_test.go b/cors_test.go index 17ee3d5..c87d60a 100644 --- a/cors_test.go +++ b/cors_test.go @@ -168,6 +168,15 @@ func TestGeneratePreflightHeaders_AllowCredentials(t *testing.T) { assert.Len(t, header, 2) } +func TestGeneratePreflightHeaders_AllowPrivateNetwork(t *testing.T) { + header := generatePreflightHeaders(Config{ + AllowPrivateNetwork: true, + }) + assert.Equal(t, header.Get("Access-Control-Allow-Private-Network"), "true") + assert.Equal(t, header.Get("Vary"), "Origin") + assert.Len(t, header, 2) +} + func TestGeneratePreflightHeaders_AllowMethods(t *testing.T) { header := generatePreflightHeaders(Config{ AllowMethods: []string{"GET ", "post", "PUT", " put "}, diff --git a/utils.go b/utils.go index 460ef17..b98e90b 100644 --- a/utils.go +++ b/utils.go @@ -45,6 +45,11 @@ func generatePreflightHeaders(c Config) http.Header { value := strconv.FormatInt(int64(c.MaxAge/time.Second), 10) headers.Set("Access-Control-Max-Age", value) } + + if c.AllowPrivateNetwork { + headers.Set("Access-Control-Allow-Private-Network", "true") + } + if c.AllowAllOrigins { headers.Set("Access-Control-Allow-Origin", "*") } else {