summaryrefslogtreecommitdiff
path: root/service/http
diff options
context:
space:
mode:
authorDmitry Patsura <[email protected]>2019-06-20 14:26:33 +0300
committerDmitry Patsura <[email protected]>2019-06-20 14:26:33 +0300
commit878f2d546969e522a9bf5a964f626e3b823ce9a0 (patch)
tree70f77bb4f17421d869d5f476954b4325b86fb34c /service/http
parent4a94c0cb578e5dca6bb43d60127121a16e7217b2 (diff)
Feature(http): Introduce CORS middleware
Diffstat (limited to 'service/http')
-rw-r--r--service/http/config.go13
-rw-r--r--service/http/service.go45
2 files changed, 58 insertions, 0 deletions
diff --git a/service/http/config.go b/service/http/config.go
index 2b8cf049..2897d1f7 100644
--- a/service/http/config.go
+++ b/service/http/config.go
@@ -42,6 +42,15 @@ type Config struct {
type MiddlewaresConfig struct {
Headers *HeaderMiddlewareConfig
+ CORS *CORSMiddlewareConfig
+}
+
+type CORSMiddlewareConfig struct {
+ AllowedOrigin string
+ AllowedMethods string
+ AllowedHeaders string
+ AllowCredentials *bool
+ MaxAge int
}
type HeaderMiddlewareConfig struct {
@@ -49,6 +58,10 @@ type HeaderMiddlewareConfig struct {
CustomResponseHeaders map[string]string
}
+func (c *MiddlewaresConfig) EnableCORS() bool {
+ return c.CORS != nil
+}
+
func (c *MiddlewaresConfig) EnableHeaders() bool {
return c.Headers.CustomRequestHeaders != nil || c.Headers.CustomResponseHeaders != nil
}
diff --git a/service/http/service.go b/service/http/service.go
index 59e7dd5a..3d9f196e 100644
--- a/service/http/service.go
+++ b/service/http/service.go
@@ -12,6 +12,7 @@ import (
"net/http"
"net/http/fcgi"
"net/url"
+ "strconv"
"strings"
"sync"
)
@@ -271,10 +272,54 @@ func (s *Service) headersMiddleware(f http.HandlerFunc) http.HandlerFunc {
}
}
+func handlePreflight(w http.ResponseWriter, r *http.Request, options *CORSMiddlewareConfig) {
+ headers := w.Header()
+
+ headers.Add("Vary", "Origin")
+ headers.Add("Vary", "Access-Control-Request-Method")
+ headers.Add("Vary", "Access-Control-Request-Headers")
+
+ if options.AllowedOrigin != "" {
+ headers.Set("Access-Control-Allow-Origin", options.AllowedOrigin)
+ }
+
+ if options.AllowedHeaders != "" {
+ headers.Set("Access-Control-Allow-Headers", options.AllowedHeaders)
+ }
+
+ if options.AllowedMethods != "" {
+ headers.Set("Access-Control-Allow-Methods", options.AllowedMethods)
+ }
+
+ if options.AllowCredentials != nil {
+ headers.Set("Access-Control-Allow-Credentials", strconv.FormatBool(*options.AllowCredentials))
+ }
+
+ if options.MaxAge > 0 {
+ headers.Set("Access-Control-Max-Age", strconv.Itoa(options.MaxAge))
+ }
+}
+
+func (s *Service) corsMiddleware(f http.HandlerFunc) http.HandlerFunc {
+ // Define the http.HandlerFunc
+ return func(w http.ResponseWriter, r *http.Request) {
+ if r.Method == http.MethodOptions {
+ handlePreflight(w, r, s.cfg.Middlewares.CORS)
+ w.WriteHeader(http.StatusOK);
+ } else {
+ f(w, r)
+ }
+ }
+}
+
func (s *Service) initMiddlewares() error {
if s.cfg.Middlewares.EnableHeaders() {
s.AddMiddleware(s.headersMiddleware)
}
+ if s.cfg.Middlewares.EnableCORS() {
+ s.AddMiddleware(s.corsMiddleware)
+ }
+
return nil
}