-
Notifications
You must be signed in to change notification settings - Fork 19
/
cors.go
64 lines (58 loc) · 1.93 KB
/
cors.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
// Copyright (C) 2023 Gobalsky Labs Limited
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package http
import (
"net/http"
"strings"
"github.com/rs/cors"
)
// CORSConfig represents the configuration for CORS.
type CORSConfig struct {
AllowedOrigins []string `description:"Allowed origins for CORS" long:"allowed-origins"`
MaxAge int `description:"Max age (in seconds) for preflight cache" long:"max-age"`
}
func CORSOptions(config CORSConfig) cors.Options {
return cors.Options{
AllowOriginFunc: AllowedOrigin(config.AllowedOrigins),
AllowedMethods: []string{
http.MethodHead,
http.MethodGet,
http.MethodPost,
http.MethodPut,
http.MethodPatch,
http.MethodDelete,
},
AllowedHeaders: []string{"*"},
ExposedHeaders: []string{"*"},
MaxAge: config.MaxAge,
AllowCredentials: false,
}
}
func AllowedOrigin(allowedOrigins []string) func(origin string) bool {
trimScheme := func(origin string) string {
return strings.TrimPrefix(strings.TrimPrefix(origin, "https://"), "http://")
}
return func(origin string) bool {
if len(allowedOrigins) == 0 || allowedOrigins[0] == "*" {
return true
}
for _, allowedOrigin := range allowedOrigins {
if allowedOrigin == origin || trimScheme(allowedOrigin) == trimScheme(origin) {
return true
}
}
return false
}
}