go-packages/iris
1
0
Fork 0
mirror of https://github.com/kataras/iris.git synced 2025-02-09 02:34:55 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

cors: add vary header

Browse Source 
looking for a CORS middleware with more options? Take a look at iris-contrib/middleware/cors instead
This commit is contained in:
Gerasimos (Makis) Maropoulos 2022-03-03 02:31:01 +02:00
parent da50af4ffd
commit f397c30caf
No known key found for this signature in database
GPG Key ID: 66FCC29BD385FCA6
2 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -2,7 +2,7 @@
# News # News
> This is the under-**development branch**. Stay tuned for the upcoming release [v12.2.0](HISTORY.md#Next). Looking for a stable release? Head over to the [v12.1.8 branch](https://github.com/kataras/iris/tree/v12.1.8) instead. > This is the under-**development branch** - contains the latest and greatest features. Stay tuned for the upcoming release [v12.2.0](HISTORY.md#Next). Looking for a more stable release? Head over to the [v12.1.8 branch](https://github.com/kataras/iris/tree/v12.1.8) instead.
> >
> ![](https://iris-go.com/images/cli.png) Try the official [Iris Command Line Interface](https://github.com/kataras/iris-cli) today! > ![](https://iris-go.com/images/cli.png) Try the official [Iris Command Line Interface](https://github.com/kataras/iris-cli) today!

23
middleware/cors/cors.go
View File

@ -267,17 +267,30 @@ const (
allowCredentialsHeader = "Access-Control-Allow-Credentials" allowCredentialsHeader = "Access-Control-Allow-Credentials"
referrerPolicyHeader = "Referrer-Policy" referrerPolicyHeader = "Referrer-Policy"
exposeHeadersHeader = "Access-Control-Expose-Headers" exposeHeadersHeader = "Access-Control-Expose-Headers"
requestMethodHeader = "Access-Control-Request-Method"
allowMethodsHeader = "Access-Control-Allow-Methods" requestHeadersHeader = "Access-Control-Request-Headers"
allowAllMethodsValue = "*" allowMethodsHeader = "Access-Control-Allow-Methods"
allowHeadersHeader = "Access-Control-Allow-Headers" allowAllMethodsValue = "*"
maxAgeHeader = "Access-Control-Max-Age" allowHeadersHeader = "Access-Control-Allow-Headers"
maxAgeHeader = "Access-Control-Max-Age"
varyHeader = "Vary"
) )
func (c *CORS) addVaryHeaders(ctx *context.Context) {
ctx.Header(varyHeader, originRequestHeader)
if ctx.Method() == http.MethodOptions {
ctx.Header(varyHeader, requestMethodHeader)
ctx.Header(varyHeader, requestHeadersHeader)
}
}
// Handler method returns the Iris CORS Handler with basic features. // Handler method returns the Iris CORS Handler with basic features.
// Note that the caller should NOT modify any of the CORS instance fields afterwards. // Note that the caller should NOT modify any of the CORS instance fields afterwards.
func (c *CORS) Handler() context.Handler { func (c *CORS) Handler() context.Handler {
return func(ctx *context.Context) { return func(ctx *context.Context) {
c.addVaryHeaders(ctx) // add vary headers at any case.
origin, ok := c.extractOriginFunc(ctx) origin, ok := c.extractOriginFunc(ctx)
if !ok || !c.allowOriginFunc(ctx, origin) { if !ok || !c.allowOriginFunc(ctx, origin) {
c.errorHandler(ctx, ErrOriginNotAllowed) c.errorHandler(ctx, ErrOriginNotAllowed)