Using cors.Allow procedurally instead of in the middleware stack

Question

Using cors.Allow procedurally instead of in the middleware stack

ian-lewis-cs opened this issue 10 years ago · 4 comments

The examples provided demonstrate using cors.Allow() in the Martini middleware stack.

In my case I am working on a router service which has a single handler as middleware and passes off the various actions in a procedural manner.

Is it valid to do the following inside my handler:

doCors := cors.Allow(&cors.Options{
    AllowOrigins:     permittedDomains,
})

doCors(response, request)

I've left out any additional logic.

Many thanks,
Ian

Answer 1 · 2014-05-15T21:47:50.000Z

If you want to re-write the Martini router....

The second example in the readme demonstrates how to inject CORS before your Handler is called to respond to pre-flight requests for options.

I would just inject it before your handler like so:

allowCORSHandler := cors.Allow(&cors.Options{
  AllowOrigins:     []string{"https://*.foo.com"},
  AllowMethods:     []string{"PUT", "PATCH"},
  AllowHeaders:     []string{"Origin"},
})

m.Put("/api/books", allowCORSHandler, func() string {
  // ...
})

Answer 2 · 2014-05-15T21:59:57.000Z

You know, CORS is not that complex, you could write your own CORS implementation.

Answer 3 · 2014-05-16T08:09:05.000Z

Like @vastbinderj said, you can add the cors handler to your handler chain, if you want it to set it globally for all routes.

Closing this issue, if this suggestion doesn't solve your problem, please reopen it.

Answer 4 · 2014-05-19T12:27:21.000Z

Thanks for the help!