diff options
| -rw-r--r-- | .rr.yaml | 8 | ||||
| -rw-r--r-- | service/http/config.go | 1 | ||||
| -rw-r--r-- | service/http/service.go | 4 |
3 files changed, 12 insertions, 1 deletions
@@ -30,12 +30,18 @@ http: # HTTP service provides built-in middlewares middlewares: - # Middleware to handle CORS requests + # Middleware to handle CORS requests, https://www.w3.org/TR/cors/ cors: + # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin AllowedOrigin: "*" + # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers allowedHeaders: "*" + # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods allowedMethods: "GET,POST,PUT,DELETE" + # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials allowCredentials: true + # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers + exposedHeaders: "Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma" maxAge: 600 # Middleware that adding Headers to the Request / Response headers: diff --git a/service/http/config.go b/service/http/config.go index 2897d1f7..e2f42626 100644 --- a/service/http/config.go +++ b/service/http/config.go @@ -50,6 +50,7 @@ type CORSMiddlewareConfig struct { AllowedMethods string AllowedHeaders string AllowCredentials *bool + ExposedHeaders string MaxAge int } diff --git a/service/http/service.go b/service/http/service.go index 527aca1b..f394f6af 100644 --- a/service/http/service.go +++ b/service/http/service.go @@ -315,6 +315,10 @@ func addCORSHeaders(w http.ResponseWriter, r *http.Request, options *CORSMiddlew headers.Set("Access-Control-Allow-Headers", options.AllowedHeaders) } + if options.ExposedHeaders != "" { + headers.Set("Access-Control-Expose-Headers", options.ExposedHeaders) + } + if options.AllowCredentials != nil { headers.Set("Access-Control-Allow-Credentials", strconv.FormatBool(*options.AllowCredentials)) } |