A tiny toolkit for Go CORS support.
CORS means "Cross-Origin Resource Sharing", which your can find more info here[http://enable-cors.org/]
cors := gocors.New()
http.Handle("/", cors.Handler(x))For any http.Handler x, just replace it with cors.Handler(x), then the handler will have the ability of handling CORS request.
Install with go get command:
go get github.com/semicircle/gocors
The Go distribution is the only dependency.
All the features described in this article[www.html5rocks.com/en/tutorials/cors/] and a TL;DR version[http://www.html5rocks.com/static/images/cors_server_flowchart.png]
So, all the 'Access-Control' parameters can be set by this:
c := gocors.New()
// for the 'Access-Control-xxx' headers.
c.SetAllowOrigin("*")
c.SetAllowMethods([]string{"PUT", "POST", "DELETE"})
//important: must contain a 'origin', for I found Chrome's request contains this header.
c.SetAllowHeaders([]string{"Custom-Headers", "origin"})
...Important: SetAllowHeaders () must be called with a 'origin' header.
In fact, this code is unstable now, I have only tested with www.test-cors.org.
It works for me.
This piece of code designed to work with a "nice" browser. A 'nice' browser means it follows the flow-chart of the CORS in the communication.So, if any request that didn't obey the Access-Control rules, they will NOT be denied.
In other words, Gocors just tells a 'nice' browser: "you can make a Cross Domain request", and is NOT responsible of any security issue.
This is because checking if the request is valid is meaningless, and any program, spider or so, can make a "non Cross Domain" request directly.
This is a quick and dirty implement. A 'just work' implement.
So, any pull requests are welcome.