Cors #86

Merged
tiger5226 merged 2 commits from cors into master 2021-03-11 03:04:17 +01:00
Showing only changes of commit d7e84c6b97 - Show all commits

View file

@ -20,6 +20,9 @@ var ResponseHeaders map[string]string
// CorsDomains Allowed domains for CORS Policy // CorsDomains Allowed domains for CORS Policy
var CorsDomains []string var CorsDomains []string
// CorsAllowLocalhost if true localhost connections are always allowed
var CorsAllowLocalhost bool
// Log allows logging of events and errors // Log allows logging of events and errors
var Log = func(*http.Request, *Response, error) {} var Log = func(*http.Request, *Response, error) {}
@ -80,9 +83,9 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
w.Header().Set(key, value) w.Header().Set(key, value)
} }
} }
origin := r.Header.Get("origin")
for _, d := range CorsDomains { for _, d := range CorsDomains {
if d == r.Header.Get("origin") { if d == origin {
w.Header().Set("Access-Control-Allow-Origin", d) w.Header().Set("Access-Control-Allow-Origin", d)
vary := w.Header().Get("Vary") vary := w.Header().Get("Vary")
if vary != "*" { if vary != "*" {
@ -95,6 +98,18 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
} }
} }
if CorsAllowLocalhost && strings.HasPrefix(origin, "http://localhost:") {
w.Header().Set("Access-Control-Allow-Origin", origin)
vary := w.Header().Get("Vary")
if vary != "*" {
if vary != "" {
vary += ", "
}
vary += "Origin"
}
w.Header().Set("Vary", vary)
}
// Stop here if its a preflighted OPTIONS request // Stop here if its a preflighted OPTIONS request
if r.Method == "OPTIONS" { if r.Method == "OPTIONS" {
return return