gf/net/ghttp/ghttp_response_cors.go

// Copyright 2019 gf Author(https://github.com/gogf/gf). All Rights Reserved.
//
// This Source Code Form is subject to the terms of the MIT License.
// If a copy of the MIT was not distributed with this file,
// You can obtain one at https://github.com/gogf/gf.
//

package ghttp

import (
	"net/url"

	"github.com/gogf/gf/text/gstr"
	"github.com/gogf/gf/util/gconv"
)

// CORSOptions is the options for CORS feature.
// See https://www.w3.org/TR/cors/ .
type CORSOptions struct {
	AllowDomain      []string // Used for allowing requests from custom domains
	AllowOrigin      string   // Access-Control-Allow-Origin
	AllowCredentials string   // Access-Control-Allow-Credentials
	ExposeHeaders    string   // Access-Control-Expose-Headers
	MaxAge           int      // Access-Control-Max-Age
	AllowMethods     string   // Access-Control-Allow-Methods
	AllowHeaders     string   // Access-Control-Allow-Headers
}

// DefaultCORSOptions returns the default CORS options,
// which allows any cross-domain request.
func (r *Response) DefaultCORSOptions() CORSOptions {
	options := CORSOptions{
		AllowOrigin:      "*",
		AllowMethods:     HTTP_METHODS,
		AllowCredentials: "true",
		AllowHeaders:     "Origin,Content-Type,Accept,User-Agent,Cookie,Authorization,X-Auth-Token,X-Requested-With",
		MaxAge:           3628800,
	}
	if origin := r.Request.Header.Get("Origin"); origin != "" {
		options.AllowOrigin = origin
	} else if referer := r.Request.Referer(); referer != "" {
		if p := gstr.PosR(referer, "/", 6); p != -1 {
			options.AllowOrigin = referer[:p]
		} else {
			options.AllowOrigin = referer
		}
	}
	return options
}

// CORS sets custom CORS options.
// See https://www.w3.org/TR/cors/ .
func (r *Response) CORS(options CORSOptions) {
	if r.CORSAllowedOrigin(options) {
		r.Header().Set("Access-Control-Allow-Origin", options.AllowOrigin)
	}
	if options.AllowCredentials != "" {
		r.Header().Set("Access-Control-Allow-Credentials", options.AllowCredentials)
	}
	if options.ExposeHeaders != "" {
		r.Header().Set("Access-Control-Expose-Headers", options.ExposeHeaders)
	}
	if options.MaxAge != 0 {
		r.Header().Set("Access-Control-Max-Age", gconv.String(options.MaxAge))
	}
	if options.AllowMethods != "" {
		r.Header().Set("Access-Control-Allow-Methods", options.AllowMethods)
	}
	if options.AllowHeaders != "" {
		r.Header().Set("Access-Control-Allow-Headers", options.AllowHeaders)
	}
}

// CORSAllowed checks whether the current request origin is allowed cross-domain.
func (r *Response) CORSAllowedOrigin(options CORSOptions) bool {
	if options.AllowDomain == nil {
		return true
	}
	origin := r.Request.Header.Get("Origin")
	if origin == "" {
		return true
	}
	parsed, err := url.Parse(origin)
	if err != nil {
		return false
	}
	for _, v := range options.AllowDomain {
		if gstr.IsSubDomain(parsed.Host, v) {
			return true
		}
	}
	return false
}

// CORSDefault sets CORS with default CORS options,
// which allows any cross-domain request.
func (r *Response) CORSDefault() {
	r.CORS(r.DefaultCORSOptions())
}
update CORS feature of ghttp.Response; add more unit cases for ghttp.Server 2019-03-01 23:45:55 +08:00			`// Copyright 2019 gf Author(https://github.com/gogf/gf). All Rights Reserved.`
			`//`
			`// This Source Code Form is subject to the terms of the MIT License.`
			`// If a copy of the MIT was not distributed with this file,`
			`// You can obtain one at https://github.com/gogf/gf.`
			`//`

			`package ghttp`

			`import (`
add AllowDomain option for ghttp.CORS; add IsSubDomain function for gstr; improve grand.Intn 2019-09-23 19:25:03 +08:00			`"net/url"`

improve CORS feature for ghttp.Server 2019-09-03 17:18:16 +08:00			`"github.com/gogf/gf/text/gstr"`
update project structure 2019-07-29 21:01:19 +08:00			`"github.com/gogf/gf/util/gconv"`
update CORS feature of ghttp.Response; add more unit cases for ghttp.Server 2019-03-01 23:45:55 +08:00			`)`

update travis for adding mysql password; add custom view feature for ghttp.Response 2019-11-20 12:09:26 +08:00			`// CORSOptions is the options for CORS feature.`
update CORS feature of ghttp.Response; add more unit cases for ghttp.Server 2019-03-01 23:45:55 +08:00			`// See https://www.w3.org/TR/cors/ .`
			`type CORSOptions struct {`
improve gfile/gstr/ghttp 2019-09-23 16:21:19 +08:00			`AllowDomain []string // Used for allowing requests from custom domains`
			`AllowOrigin string // Access-Control-Allow-Origin`
			`AllowCredentials string // Access-Control-Allow-Credentials`
			`ExposeHeaders string // Access-Control-Expose-Headers`
			`MaxAge int // Access-Control-Max-Age`
			`AllowMethods string // Access-Control-Allow-Methods`
			`AllowHeaders string // Access-Control-Allow-Headers`
update CORS feature of ghttp.Response; add more unit cases for ghttp.Server 2019-03-01 23:45:55 +08:00			`}`

improve gfile/gstr/ghttp 2019-09-23 16:21:19 +08:00			`// DefaultCORSOptions returns the default CORS options,`
			`// which allows any cross-domain request.`
update CORS feature of ghttp.Response; add more unit cases for ghttp.Server 2019-03-01 23:45:55 +08:00			`func (r *Response) DefaultCORSOptions() CORSOptions {`
improve CORS feature for ghttp.Server 2019-09-03 17:18:16 +08:00			`options := CORSOptions{`
improve ghttp.CORSDefault 2019-06-24 19:05:07 +08:00			`AllowOrigin: "*",`
gofmt 2019-06-19 09:06:52 +08:00			`AllowMethods: HTTP_METHODS,`
			`AllowCredentials: "true",`
fix issue in cors 2019-09-26 15:54:13 +08:00			`AllowHeaders: "Origin,Content-Type,Accept,User-Agent,Cookie,Authorization,X-Auth-Token,X-Requested-With",`
gofmt 2019-06-19 09:06:52 +08:00			`MaxAge: 3628800,`
			`}`
fix issue in cors 2019-09-26 15:54:13 +08:00			`if origin := r.Request.Header.Get("Origin"); origin != "" {`
RELEASE updates 2019-09-23 22:00:04 +08:00			`options.AllowOrigin = origin`
improve ghttp.Response; move gflock to new repo 2019-09-24 20:19:18 +08:00			`} else if referer := r.Request.Referer(); referer != "" {`
improve CORS feature for ghttp.Server 2019-09-03 17:18:16 +08:00			`if p := gstr.PosR(referer, "/", 6); p != -1 {`
			`options.AllowOrigin = referer[:p]`
			`} else {`
			`options.AllowOrigin = referer`
			`}`
			`}`
			`return options`
update CORS feature of ghttp.Response; add more unit cases for ghttp.Server 2019-03-01 23:45:55 +08:00			`}`

improve gfile/gstr/ghttp 2019-09-23 16:21:19 +08:00			`// CORS sets custom CORS options.`
update CORS feature of ghttp.Response; add more unit cases for ghttp.Server 2019-03-01 23:45:55 +08:00			`// See https://www.w3.org/TR/cors/ .`
			`func (r *Response) CORS(options CORSOptions) {`
RELEASE updates 2019-09-23 22:00:04 +08:00			`if r.CORSAllowedOrigin(options) {`
gofmt 2019-06-19 09:06:52 +08:00			`r.Header().Set("Access-Control-Allow-Origin", options.AllowOrigin)`
			`}`
			`if options.AllowCredentials != "" {`
			`r.Header().Set("Access-Control-Allow-Credentials", options.AllowCredentials)`
			`}`
			`if options.ExposeHeaders != "" {`
			`r.Header().Set("Access-Control-Expose-Headers", options.ExposeHeaders)`
			`}`
			`if options.MaxAge != 0 {`
			`r.Header().Set("Access-Control-Max-Age", gconv.String(options.MaxAge))`
			`}`
			`if options.AllowMethods != "" {`
			`r.Header().Set("Access-Control-Allow-Methods", options.AllowMethods)`
			`}`
			`if options.AllowHeaders != "" {`
			`r.Header().Set("Access-Control-Allow-Headers", options.AllowHeaders)`
			`}`
update CORS feature of ghttp.Response; add more unit cases for ghttp.Server 2019-03-01 23:45:55 +08:00			`}`

update travis for adding mysql password; add custom view feature for ghttp.Response 2019-11-20 12:09:26 +08:00			`// CORSAllowed checks whether the current request origin is allowed cross-domain.`
RELEASE updates 2019-09-23 22:00:04 +08:00			`func (r *Response) CORSAllowedOrigin(options CORSOptions) bool {`
			`if options.AllowDomain == nil {`
			`return true`
			`}`
improve ghttp.Response; move gflock to new repo 2019-09-24 20:19:18 +08:00			`origin := r.Request.Header.Get("Origin")`
RELEASE updates 2019-09-23 22:00:04 +08:00			`if origin == "" {`
improve ghttp.Response; move gflock to new repo 2019-09-24 20:19:18 +08:00			`return true`
RELEASE updates 2019-09-23 22:00:04 +08:00			`}`
			`parsed, err := url.Parse(origin)`
			`if err != nil {`
			`return false`
			`}`
			`for _, v := range options.AllowDomain {`
			`if gstr.IsSubDomain(parsed.Host, v) {`
			`return true`
			`}`
			`}`
			`return false`
			`}`

improve gfile/gstr/ghttp 2019-09-23 16:21:19 +08:00			`// CORSDefault sets CORS with default CORS options,`
			`// which allows any cross-domain request.`
update CORS feature of ghttp.Response; add more unit cases for ghttp.Server 2019-03-01 23:45:55 +08:00			`func (r *Response) CORSDefault() {`
gofmt 2019-06-19 09:06:52 +08:00			`r.CORS(r.DefaultCORSOptions())`
update CORS feature of ghttp.Response; add more unit cases for ghttp.Server 2019-03-01 23:45:55 +08:00			`}`