435c0d9fc8
This PR switches the Nomad repository from using govendor to Go modules for managing dependencies. Aspects of the Nomad workflow remain pretty much the same. The usual Makefile targets should continue to work as they always did. The API submodule simply defers to the parent Nomad version on the repository, keeping the semantics of API versioning that currently exists. |
||
---|---|---|
.. | ||
.travis.yml | ||
cors.go | ||
LICENSE | ||
README.md | ||
utils.go |
Go CORS handler
CORS is a net/http
handler implementing Cross Origin Resource Sharing W3 specification in Golang.
Getting Started
After installing Go and setting up your GOPATH, create your first .go
file. We'll call it server.go
.
package main
import (
"net/http"
"github.com/rs/cors"
)
func main() {
mux := http.NewServeMux()
mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
w.Write([]byte("{\"hello\": \"world\"}"))
})
// cors.Default() setup the middleware with default options being
// all origins accepted with simple methods (GET, POST). See
// documentation below for more options.
handler := cors.Default().Handler(mux)
http.ListenAndServe(":8080", handler)
}
Install cors
:
go get github.com/rs/cors
Then run your server:
go run server.go
The server now runs on localhost:8080
:
$ curl -D - -H 'Origin: http://foo.com' http://localhost:8080/
HTTP/1.1 200 OK
Access-Control-Allow-Origin: foo.com
Content-Type: application/json
Date: Sat, 25 Oct 2014 03:43:57 GMT
Content-Length: 18
{"hello": "world"}
More Examples
net/http
: examples/nethttp/server.go- Goji: examples/goji/server.go
- Martini: examples/martini/server.go
- Negroni: examples/negroni/server.go
- Alice: examples/alice/server.go
- HttpRouter: examples/httprouter/server.go
Parameters
Parameters are passed to the middleware thru the cors.New
method as follow:
c := cors.New(cors.Options{
AllowedOrigins: []string{"http://foo.com"},
AllowCredentials: true,
})
// Insert the middleware
handler = c.Handler(handler)
- AllowedOrigins
[]string
: A list of origins a cross-domain request can be executed from. If the special*
value is present in the list, all origins will be allowed. An origin may contain a wildcard (*
) to replace 0 or more characters (i.e.:http://*.domain.com
). Usage of wildcards implies a small performance penality. Only one wildcard can be used per origin. The default value is*
. - AllowOriginFunc
func (origin string) bool
: A custom function to validate the origin. It take the origin as argument and returns true if allowed or false otherwise. If this option is set, the content ofAllowedOrigins
is ignored - AllowedMethods
[]string
: A list of methods the client is allowed to use with cross-domain requests. Default value is simple methods (GET
andPOST
). - AllowedHeaders
[]string
: A list of non simple headers the client is allowed to use with cross-domain requests. - ExposedHeaders
[]string
: Indicates which headers are safe to expose to the API of a CORS API specification - AllowCredentials
bool
: Indicates whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates. The default isfalse
. - MaxAge
int
: Indicates how long (in seconds) the results of a preflight request can be cached. The default is0
which stands for no max age. - OptionsPassthrough
bool
: Instructs preflight to let other potential next handlers to process theOPTIONS
method. Turn this on if your application handlesOPTIONS
. - Debug
bool
: Debugging flag adds additional output to debug server side CORS issues.
See API documentation for more info.
Benchmarks
BenchmarkWithout 20000000 64.6 ns/op 8 B/op 1 allocs/op
BenchmarkDefault 3000000 469 ns/op 114 B/op 2 allocs/op
BenchmarkAllowedOrigin 3000000 608 ns/op 114 B/op 2 allocs/op
BenchmarkPreflight 20000000 73.2 ns/op 0 B/op 0 allocs/op
BenchmarkPreflightHeader 20000000 73.6 ns/op 0 B/op 0 allocs/op
BenchmarkParseHeaderList 2000000 847 ns/op 184 B/op 6 allocs/op
BenchmarkParse…Single 5000000 290 ns/op 32 B/op 3 allocs/op
BenchmarkParse…Normalized 2000000 776 ns/op 160 B/op 6 allocs/op
Licenses
All source code is licensed under the MIT License.