Home Explore Help
Register Sign In
publics
/
gin-contrib__cors
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #13 from gin-contrib/test

fix testing from #11
Bo-Yi Wu 9 years ago
parent
d075cad469 a22aeebf59
commit
da1a40b05a
2 changed files with 6 additions and 4 deletions
Split View Show Diff Stats
  1. 3 1
      config.go
  2. 3 3
      cors_test.go

+ 3 - 1
config.go
View File 

@@ -8,6 +8,7 @@ import (
 
 
 type cors struct {
 
 	allowAllOrigins  bool
 
+	allowCredentials bool
 
 	allowOriginFunc  func(string) bool
 
 	allowOrigins     []string
 
 	exposeHeaders    []string
 
@@ -22,6 +23,7 @@ func newCors(config Config) *cors {
 
 	return &cors{
 
 		allowOriginFunc:  config.AllowOriginFunc,
 
 		allowAllOrigins:  config.AllowAllOrigins,
 
+		allowCredentials: config.AllowCredentials,
 
 		allowOrigins:     normalize(config.AllowOrigins),
 
 		normalHeaders:    generateNormalHeaders(config),
 
 		preflightHeaders: generatePreflightHeaders(config),
 
@@ -46,7 +48,7 @@ func (cors *cors) applyCors(c *gin.Context) {
 
 		cors.handleNormal(c)
 
 	}
 
 
-	if !cors.allowAllOrigins {
 
+	if !cors.allowAllOrigins && !cors.allowCredentials {
 
 		c.Header("Access-Control-Allow-Origin", origin)
 
 	}
 
 }

+ 3 - 3
cors_test.go
View File 

@@ -217,7 +217,7 @@ func TestPassesAllowedOrigins(t *testing.T) {
 
 		AllowMethods:     []string{" GeT ", "get", "post", "PUT  ", "Head", "POST"},
 
 		AllowHeaders:     []string{"Content-type", "timeStamp "},
 
 		ExposeHeaders:    []string{"Data", "x-User"},
 
-		AllowCredentials: true,
 
+		AllowCredentials: false,
 
 		MaxAge:           12 * time.Hour,
 
 		AllowOriginFunc: func(origin string) bool {
 
 			return origin == "http://github.com"
 
@@ -235,7 +235,7 @@ func TestPassesAllowedOrigins(t *testing.T) {
 
 	w = performRequest(router, "GET", "http://google.com")
 
 	assert.Equal(t, w.Body.String(), "get")
 
 	assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://google.com")
 
-	assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "true")
 
+	assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "")
 
 	assert.Equal(t, w.Header().Get("Access-Control-Expose-Headers"), "Data,X-User")
 
 
 	// deny CORS request
 
@@ -249,7 +249,7 @@ func TestPassesAllowedOrigins(t *testing.T) {
 
 	w = performRequest(router, "OPTIONS", "http://github.com")
 
 	assert.Equal(t, w.Code, 200)
 
 	assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://github.com")
 
-	assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "true")
 
+	assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "")
 
 	assert.Equal(t, w.Header().Get("Access-Control-Allow-Methods"), "GET,POST,PUT,HEAD")
 
 	assert.Equal(t, w.Header().Get("Access-Control-Allow-Headers"), "Content-Type,Timestamp")
 
 	assert.Equal(t, w.Header().Get("Access-Control-Max-Age"), "43200")