This package provides middleware for Golang http server to support CORS requests.
More and more web applications based on distributive architecture. Often frontend and backend are separated parts, so we have to do cross-origin requests from frontend to backend. This package provides support for this requests for golang servers.
Let's create simple server with CORS support.
package main
import (
"github.com/slavamuravey/cors"
"net/http"
)
func main() {
config := &cors.Config{
AllowAllOrigin: false,
AllowOriginPattern: "^https?://localhost(:[0-9]+)?$",
AllowMethods: []string{"DELETE"},
}
corsMiddleware := cors.CreateMiddleware(config)
yourProjectHandler := func (w http.ResponseWriter, r *http.Request) {
w.Write([]byte(`I am handler in your project`))
}
mux := http.NewServeMux()
mux.HandleFunc("/entry", yourProjectHandler)
http.ListenAndServe(":8080", corsMiddleware(mux))
}$ curl -XDELETE -D - -H 'Origin: http://localhost:80' http://localhost:8080/entry
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://localhost:80
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Date: Fri, 05 Jun 2020 11:46:05 GMT
Content-Length: 28
Content-Type: text/plain; charset=utf-8
I am handler in your projectIn this example every entry point will support CORS requests.
If you need to add CORS support for single entry point you can do it as in following example:
package main
import (
"github.com/slavamuravey/cors"
"net/http"
)
func main() {
config := &cors.Config{
AllowAllOrigin: false,
AllowOriginPattern: "^https?://localhost(:[0-9]+)?$",
AllowMethods: []string{"DELETE"},
}
corsMiddleware := cors.CreateMiddleware(config)
yourProjectHandler := func (w http.ResponseWriter, r *http.Request) {
w.Write([]byte(`I am handler in your project`))
}
http.HandleFunc("/cors", corsMiddleware(http.HandlerFunc(yourProjectHandler)))
http.HandleFunc("/nocors", yourProjectHandler)
http.ListenAndServe(":8080", nil)
}$curl -XDELETE -D - -H 'Origin: http://localhost:80' http://localhost:8080/cors
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://localhost:80
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Date: Fri, 05 Jun 2020 11:52:18 GMT
Content-Length: 28
Content-Type: text/plain; charset=utf-8
I am handler in your project
$ curl -XDELETE -D - -H 'Origin: http://localhost:80' http://localhost:8080/nocors
HTTP/1.1 200 OK
Date: Fri, 05 Jun 2020 11:52:22 GMT
Content-Length: 28
Content-Type: text/plain; charset=utf-8
I am handler in your project- AllowAllHeaders
boolallows all headers which presented in Access-Control-Request-Headers - AllowAllOrigin
boolallows requests from all origins - AllowCredentials
boolsets Access-Control-Allow-Credentials header - AllowHeaders
[]stringis list of allowed headers for request - AllowMethods
[]stringis list of allowed methods for request - AllowOriginPattern
stringis regexp pattern (ex. ^https?://localhost(:[0-9]+)?$) that is used on origin validation stage. - ContinuousPreflight
booldetermines if preflight request must be terminated or it must go next - ExposedHeaders
[]stringis list of headers presented in Access-Control-Expose-Headers header - MaxAge
intsets Access-Control-Max-Age header - PreflightTerminationStatus
intsets status code of response for preflight request
Please read CODE_OF_CONDUCT.md for details on our code of conduct, and the process for submitting pull requests to us.
We use SemVer for versioning. For the versions available, see the tags on this repository.
This project is licensed under the MIT License - see the LICENSE file for details.