zeromicro
/
go-zero
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
tools/goctl/v1.2.6
tools/goctl/v1.2.4
tools/goctl/v1.2.5
tools/goctl/v1.3.0
tools/goctl/v1.3.0-alpha
tools/goctl/v1.3.0-beta1
tools/goctl/v1.3.1
tools/goctl/v1.3.1-alpha
tools/goctl/v1.3.2
tools/goctl/v1.3.3
tools/goctl/v1.3.4
tools/goctl/v1.3.5
tools/goctl/v1.3.6
tools/goctl/v1.3.7
tools/goctl/v1.3.8
tools/goctl/v1.3.9
tools/goctl/v1.4.0
tools/goctl/v1.4.1
tools/goctl/v1.4.2
tools/goctl/v1.4.3
tools/goctl/v1.4.4
tools/goctl/v1.4.5
tools/goctl/v1.5.0
tools/goctl/v1.5.1
tools/goctl/v1.5.2
tools/goctl/v1.5.3
tools/goctl/v1.5.4
tools/goctl/v1.5.5
tools/goctl/v1.5.6
tools/goctl/v1.6.0
tools/goctl/v1.6.1
tools/goctl/v1.6.2
tools/goctl/v1.6.3
v1.0.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.19
v1.0.2
v1.0.20
v1.0.21
v1.0.22
v1.0.23
v1.0.24
v1.0.25
v1.0.26
v1.0.27
v1.0.28
v1.0.29
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.10
v1.1.2
v1.1.3
v1.1.3-beta
v1.1.3-pre
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.3.0
v1.3.0-alpha
v1.3.0-beta
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.6.0
v1.6.1
v1.6.2
v1.6.3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fe1da14332'
${ noResults }
go-zero/rest/internal/cors/handlers.go

151 lines
3.8 KiB
Go
Raw Blame History

package cors
import (
"bufio"
"errors"
"net"
"net/http"
)
const (
allowOrigin = "Access-Control-Allow-Origin"
allOrigins = "*"
allowMethods = "Access-Control-Allow-Methods"
allowHeaders = "Access-Control-Allow-Headers"
allowCredentials = "Access-Control-Allow-Credentials"
exposeHeaders = "Access-Control-Expose-Headers"
requestMethod = "Access-Control-Request-Method"
requestHeaders = "Access-Control-Request-Headers"
allowHeadersVal = "Content-Type, Origin, X-CSRF-Token, Authorization, AccessToken, Token, Range"
exposeHeadersVal = "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers"
methods = "GET, HEAD, POST, PATCH, PUT, DELETE"
allowTrue = "true"
maxAgeHeader = "Access-Control-Max-Age"
maxAgeHeaderVal = "86400"
varyHeader = "Vary"
originHeader = "Origin"
)
// NotAllowedHandler handles cross domain not allowed requests.
// At most one origin can be specified, other origins are ignored if given, default to be *.
func NotAllowedHandler(fn func(w http.ResponseWriter), origins ...string) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
gw := &guardedResponseWriter{w: w}
checkAndSetHeaders(gw, r, origins)
if fn != nil {
fn(gw)
}
if r.Method == http.MethodOptions {
gw.WriteHeader(http.StatusNoContent)
} else {
gw.WriteHeader(http.StatusNotFound)
}
})
}
// Middleware returns a middleware that adds CORS headers to the response.
func Middleware(fn func(w http.Header), origins ...string) func(http.HandlerFunc) http.HandlerFunc {
return func(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
checkAndSetHeaders(w, r, origins)
if fn != nil {
fn(w.Header())
}
if r.Method == http.MethodOptions {
w.WriteHeader(http.StatusNoContent)
} else {
next(w, r)
}
}
}
}
type guardedResponseWriter struct {
w http.ResponseWriter
wroteHeader bool
}
func (w *guardedResponseWriter) Flush() {
if flusher, ok := w.w.(http.Flusher); ok {
flusher.Flush()
}
}
func (w *guardedResponseWriter) Header() http.Header {
return w.w.Header()
}
// Hijack implements the http.Hijacker interface.
// This expands the Response to fulfill http.Hijacker if the underlying http.ResponseWriter supports it.
func (w *guardedResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
if hijacked, ok := w.w.(http.Hijacker); ok {
return hijacked.Hijack()
}
return nil, nil, errors.New("server doesn't support hijacking")
}
func (w *guardedResponseWriter) Write(bytes []byte) (int, error) {
return w.w.Write(bytes)
}
func (w *guardedResponseWriter) WriteHeader(code int) {
if w.wroteHeader {
return
}
w.w.WriteHeader(code)
w.wroteHeader = true
}
func checkAndSetHeaders(w http.ResponseWriter, r *http.Request, origins []string) {
setVaryHeaders(w, r)
if len(origins) == 0 {
setHeader(w, allOrigins)
return
}
origin := r.Header.Get(originHeader)
if isOriginAllowed(origins, origin) {
setHeader(w, origin)
}
}
func isOriginAllowed(allows []string, origin string) bool {
for _, o := range allows {
if o == allOrigins {
return true
}
if o == origin {
return true
}
}
return false
}
func setHeader(w http.ResponseWriter, origin string) {
header := w.Header()
header.Set(allowOrigin, origin)
header.Set(allowMethods, methods)
header.Set(allowHeaders, allowHeadersVal)
header.Set(exposeHeaders, exposeHeadersVal)
if origin != allOrigins {
header.Set(allowCredentials, allowTrue)
}
header.Set(maxAgeHeader, maxAgeHeaderVal)
}
func setVaryHeaders(w http.ResponseWriter, r *http.Request) {
header := w.Header()
header.Add(varyHeader, originHeader)
if r.Method == http.MethodOptions {
header.Add(varyHeader, requestMethod)
header.Add(varyHeader, requestHeaders)
}
}
Reference in New Issue View Git Blame Copy Permalink