-
Notifications
You must be signed in to change notification settings - Fork 28
/
main.go
84 lines (77 loc) · 2.34 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
// cors example
//
// ie.
//
// Unsuccessful Preflight request:
// ===============================
// $ curl -i http://localhost:3000/ -H "Origin: http://no.com" -H "Access-Control-Request-Method: GET" -X OPTIONS
// HTTP/1.1 200 OK
// Vary: Origin
// Vary: Access-Control-Request-Method
// Vary: Access-Control-Request-Headers
// Date: Fri, 28 Jul 2017 17:55:47 GMT
// Content-Length: 0
// Content-Type: text/plain; charset=utf-8
//
//
// Successful Preflight request:
// =============================
// $ curl -i http://localhost:3000/ -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -X OPTIONS
// HTTP/1.1 200 OK
// Access-Control-Allow-Credentials: true
// Access-Control-Allow-Methods: GET
// Access-Control-Allow-Origin: http://example.com
// Access-Control-Max-Age: 300
// Vary: Origin
// Vary: Access-Control-Request-Method
// Vary: Access-Control-Request-Headers
// Date: Fri, 28 Jul 2017 17:56:44 GMT
// Content-Length: 0
// Content-Type: text/plain; charset=utf-8
//
//
// Content request (after a successful preflight):
// ===============================================
// $ curl -i http://localhost:3000/ -H "Origin: http://example.com"
// HTTP/1.1 200 OK
// Access-Control-Allow-Credentials: true
// Access-Control-Allow-Origin: http://example.com
// Access-Control-Expose-Headers: Link
// Vary: Origin
// Date: Fri, 28 Jul 2017 17:57:52 GMT
// Content-Length: 7
// Content-Type: text/plain; charset=utf-8
//
// welcome%
//
package main
import (
"net/http"
"github.com/go-chi/chi"
"github.com/go-chi/chi/middleware"
"github.com/go-chi/cors"
)
func main() {
r := chi.NewRouter()
r.Use(middleware.Logger)
// Basic CORS
// for more ideas, see: https://developer.github.com/v3/#cross-origin-resource-sharing
r.Use(cors.Handler(cors.Options{
AllowOriginFunc: AllowOriginFunc,
AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
ExposedHeaders: []string{"Link"},
AllowCredentials: true,
MaxAge: 300, // Maximum value not ignored by any of major browsers
}))
r.Get("/", func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("welcome"))
})
http.ListenAndServe(":3000", r)
}
func AllowOriginFunc(r *http.Request, origin string) bool {
if origin == "http://example.com" {
return true
}
return false
}