登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 1

flanche / echo

forked from guapian / echo 
代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
cors.go 4.47 KB
一键复制 编辑 原始数据 按行查看 历史
Aimee LaPlant 提交于 2019-01-09 18:15 . Updated comment. (#1245)
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143
package middleware



import (

	"net/http"

	"strconv"

	"strings"



	"github.com/labstack/echo"

)



type (

	// CORSConfig defines the config for CORS middleware.

	CORSConfig struct {

		// Skipper defines a function to skip middleware.

		Skipper Skipper



		// AllowOrigin defines a list of origins that may access the resource.

		// Optional. Default value []string{"*"}.

		AllowOrigins []string `yaml:"allow_origins"`



		// AllowMethods defines a list methods allowed when accessing the resource.

		// This is used in response to a preflight request.

		// Optional. Default value DefaultCORSConfig.AllowMethods.

		AllowMethods []string `yaml:"allow_methods"`



		// AllowHeaders defines a list of request headers that can be used when

		// making the actual request. This is in response to a preflight request.

		// Optional. Default value []string{}.

		AllowHeaders []string `yaml:"allow_headers"`



		// AllowCredentials indicates whether or not the response to the request

		// can be exposed when the credentials flag is true. When used as part of

		// a response to a preflight request, this indicates whether or not the

		// actual request can be made using credentials.

		// Optional. Default value false.

		AllowCredentials bool `yaml:"allow_credentials"`



		// ExposeHeaders defines a whitelist headers that clients are allowed to

		// access.

		// Optional. Default value []string{}.

		ExposeHeaders []string `yaml:"expose_headers"`



		// MaxAge indicates how long (in seconds) the results of a preflight request

		// can be cached.

		// Optional. Default value 0.

		MaxAge int `yaml:"max_age"`

	}

)



var (

	// DefaultCORSConfig is the default CORS middleware config.

	DefaultCORSConfig = CORSConfig{

		Skipper:      DefaultSkipper,

		AllowOrigins: []string{"*"},

		AllowMethods: []string{http.MethodGet, http.MethodHead, http.MethodPut, http.MethodPatch, http.MethodPost, http.MethodDelete},

	}

)



// CORS returns a Cross-Origin Resource Sharing (CORS) middleware.

// See: https://developer.mozilla.org/en/docs/Web/HTTP/Access_control_CORS

func CORS() echo.MiddlewareFunc {

	return CORSWithConfig(DefaultCORSConfig)

}



// CORSWithConfig returns a CORS middleware with config.

// See: `CORS()`.

func CORSWithConfig(config CORSConfig) echo.MiddlewareFunc {

	// Defaults

	if config.Skipper == nil {

		config.Skipper = DefaultCORSConfig.Skipper

	}

	if len(config.AllowOrigins) == 0 {

		config.AllowOrigins = DefaultCORSConfig.AllowOrigins

	}

	if len(config.AllowMethods) == 0 {

		config.AllowMethods = DefaultCORSConfig.AllowMethods

	}



	allowMethods := strings.Join(config.AllowMethods, ",")

	allowHeaders := strings.Join(config.AllowHeaders, ",")

	exposeHeaders := strings.Join(config.ExposeHeaders, ",")

	maxAge := strconv.Itoa(config.MaxAge)



	return func(next echo.HandlerFunc) echo.HandlerFunc {

		return func(c echo.Context) error {

			if config.Skipper(c) {

				return next(c)

			}



			req := c.Request()

			res := c.Response()

			origin := req.Header.Get(echo.HeaderOrigin)

			allowOrigin := ""



			// Check allowed origins

			for _, o := range config.AllowOrigins {

				if o == "*" && config.AllowCredentials {

					allowOrigin = origin

					break

				}

				if o == "*" || o == origin {

					allowOrigin = o

					break

				}

			}



			// Simple request

			if req.Method != http.MethodOptions {

				res.Header().Add(echo.HeaderVary, echo.HeaderOrigin)

				res.Header().Set(echo.HeaderAccessControlAllowOrigin, allowOrigin)

				if config.AllowCredentials {

					res.Header().Set(echo.HeaderAccessControlAllowCredentials, "true")

				}

				if exposeHeaders != "" {

					res.Header().Set(echo.HeaderAccessControlExposeHeaders, exposeHeaders)

				}

				return next(c)

			}



			// Preflight request

			res.Header().Add(echo.HeaderVary, echo.HeaderOrigin)

			res.Header().Add(echo.HeaderVary, echo.HeaderAccessControlRequestMethod)

			res.Header().Add(echo.HeaderVary, echo.HeaderAccessControlRequestHeaders)

			res.Header().Set(echo.HeaderAccessControlAllowOrigin, allowOrigin)

			res.Header().Set(echo.HeaderAccessControlAllowMethods, allowMethods)

			if config.AllowCredentials {

				res.Header().Set(echo.HeaderAccessControlAllowCredentials, "true")

			}

			if allowHeaders != "" {

				res.Header().Set(echo.HeaderAccessControlAllowHeaders, allowHeaders)

			} else {

				h := req.Header.Get(echo.HeaderAccessControlRequestHeaders)

				if h != "" {

					res.Header().Set(echo.HeaderAccessControlAllowHeaders, h)

				}

			}

			if config.MaxAge > 0 {

				res.Header().Set(echo.HeaderAccessControlMaxAge, maxAge)

			}

			return c.NoContent(http.StatusNoContent)

		}

	}

}
1
https://gitee.com/flanche/echo.git
git@gitee.com:flanche/echo.git
flanche
echo
echo
v3.3.10
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部