-
-
Notifications
You must be signed in to change notification settings - Fork 1
/
incorrect_example_test.go
36 lines (31 loc) · 1 KB
/
incorrect_example_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
package fcors_test
import (
"log"
"net/http"
"github.com/jub0bs/fcors"
)
// The example below illustrates a common pitfall.
//
// A good rule of thumb for avoiding this pitfall consists in
// registering the result of a Middleware,
// not for a method-full pattern (e.g. "GET /api/dogs"),
// but for a "method-less" pattern; see the other example.
func ExampleAllowAccess_incorrect() {
cors, err := fcors.AllowAccess(
fcors.FromOrigins("https://example"),
)
if err != nil {
log.Fatal(err)
}
mux := http.NewServeMux()
// Because the pattern for which the result of Middleware is registered
// unduly specifies a method (other than OPTIONS),
// CORS-preflight requests to /api/dogs cannot reach the CORS middleware.
// Therefore, CORS preflight will systematically fail
// and you'll have a bad day...
mux.Handle("GET /api/dogs", cors(http.HandlerFunc(handleDogsGet))) // incorrect!
log.Fatal(http.ListenAndServe(":8080", mux))
}
func handleDogsGet(w http.ResponseWriter, _ *http.Request) {
// omitted
}