Skip to content

captncraig/cors

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

cors gives you easy control over Cross Origin Resource Sharing for your site.

It allows you to whitelist particular domains per route, or to simply allow all domains * If desired you may customize nearly every aspect of the specification.

Syntax

cors [path] [domains...] {
	origin            [origin]
	origin_regexp     [regexp]
	methods           [methods]
	allow_credentials [allowCredentials]
	max_age           [maxAge]
	allowed_headers   [allowedHeaders]
	exposed_headers   [exposedHeaders]
}
  • path is the file or directory this applies to (default is /).
  • domains is a space-seperated list of domains to allow. If ommitted, all domains will be granted access.
  • origin is a domain to grant access to. May be specified multiple times or ommitted.
  • origin_regexp is a regexp that will be matched to the Origin header. Access will be granted accordingly. It can be used in conjonction with the origin config (executed as a fallback to origin). May be specified multiple times or ommitted.
  • methods is set of http methods to allow. Default is these: POST,GET,OPTIONS,PUT,DELETE.
  • allow_credentials sets the value of the Access-Control-Allow-Credentials header. Can be true or false. By default, header will not be included.
  • max_age is the length of time in seconds to cache preflight info. Not set by default.
  • allowed_headers is a comma-seperated list of request headers a client may send.
  • exposed_headers is a comma-seperated list of response headers a client may access.

Examples

Simply allow all domains to request any path:

cors

Protect specific paths only, and only allow a few domains:

cors /foo http://mysite.com http://anothertrustedsite.com

Full configuration:

cors / {
  origin            http://allowedSite.com
  origin            http://anotherSite.org https://anotherSite.org
  origin_regexp     .+\.example\.com$
  methods           POST,PUT
  allow_credentials false
  max_age           3600
  allowed_headers   X-Custom-Header,X-Foobar
  exposed_headers   X-Something-Special,SomethingElse
}

About

Cross Origin Resource Sharing middleware for go

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •