-
-
Notifications
You must be signed in to change notification settings - Fork 381
/
Copy pathcors.go
37 lines (30 loc) · 1.57 KB
/
cors.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
package config
// CORS configuration.
type CORS struct {
// AllowedOrigins is a list of origins a cross-domain request can be executed from.
// If the special "*" value is present in the list, all origins will be allowed.
// An origin may contain a wildcard (*) to replace 0 or more characters
// (i.e.: http://*.domain.com). Usage of wildcards implies a small performance penalty.
// Only one wildcard can be used per origin.
// Default value is ["*"]
AllowedOrigins []string `json:"allowed_origins"`
// AllowedMethods is a list of methods the client is allowed to use with
// cross-domain requests. Default value is simple methods (GET and POST)
AllowedMethods []string `json:"allowed_methods"`
// AllowedHeaders is list of non simple headers the client is allowed to use with
// cross-domain requests.
// If the special "*" value is present in the list, all headers will be allowed.
// Default value is [] but "Origin" is always appended to the list.
AllowedHeaders []string `json:"allowed_headers"`
// ExposedHeaders indicates which headers are safe to expose to the API of a CORS
// API specification
ExposedHeaders []string `json:"exposed_headers"`
// AllowCredentials indicates whether the request can include user credentials like
// cookies, HTTP authentication or client side SSL certificates.
AllowCredentials bool `json:"allow_credentials"`
// MaxAge indicates how long (in seconds) the results of a preflight request
// can be cached.
MaxAge int `json:"max_age"`
// Debugging flag adds additional output to debug server side CORS issues
Debug bool `json:"debug"`
}