| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 |
- package cors
- import (
- "net/http"
- "gopkg.in/gin-gonic/gin.v1"
- )
- type cors struct {
- allowAllOrigins bool
- allowCredentials bool
- allowOriginFunc func(string) bool
- allowOrigins []string
- exposeHeaders []string
- normalHeaders http.Header
- preflightHeaders http.Header
- }
- func newCors(config Config) *cors {
- if err := config.Validate(); err != nil {
- panic(err.Error())
- }
- return &cors{
- allowOriginFunc: config.AllowOriginFunc,
- allowAllOrigins: config.AllowAllOrigins,
- allowCredentials: config.AllowCredentials,
- allowOrigins: normalize(config.AllowOrigins),
- normalHeaders: generateNormalHeaders(config),
- preflightHeaders: generatePreflightHeaders(config),
- }
- }
- func (cors *cors) applyCors(c *gin.Context) {
- origin := c.Request.Header.Get("Origin")
- if len(origin) == 0 {
- // request is not a CORS request
- return
- }
- if !cors.validateOrigin(origin) {
- c.AbortWithStatus(http.StatusForbidden)
- return
- }
- if c.Request.Method == "OPTIONS" {
- cors.handlePreflight(c)
- defer c.AbortWithStatus(200)
- } else {
- cors.handleNormal(c)
- }
- if !cors.allowAllOrigins && !cors.allowCredentials {
- c.Header("Access-Control-Allow-Origin", origin)
- }
- }
- func (cors *cors) validateOrigin(origin string) bool {
- if cors.allowAllOrigins {
- return true
- }
- for _, value := range cors.allowOrigins {
- if value == origin {
- return true
- }
- }
- if cors.allowOriginFunc != nil {
- return cors.allowOriginFunc(origin)
- }
- return false
- }
- func (cors *cors) handlePreflight(c *gin.Context) {
- header := c.Writer.Header()
- for key, value := range cors.preflightHeaders {
- header[key] = value
- }
- }
- func (cors *cors) handleNormal(c *gin.Context) {
- header := c.Writer.Header()
- for key, value := range cors.normalHeaders {
- header[key] = value
- }
- }
|
