Question: What is the easiest way to deal with CORS?

Question

Question: What is the easiest way to deal with CORS?

Opened this issue 11 years ago · 8 comments

I have a client app in a different domain so the browser is trying to do a preflight request. e.g.

OPTIONS /accounts HTTP/1.1
Host    localhost:5000
Access-Control-Request-Method   GET
Origin  http://localhost:9000
Access-Control-Request-Headers  accept, x-requested-with
Accept  */*
Referer http://localhost:9000/
...

I would like goweb to generate the necessary response for any request coming for a particular url e.g.

Access-Control-Allow-Origin: http://localhost:9000
Access-Control-Allow-Methods: GET, POST, PUT
Access-Control-Allow-Headers: X-Custom-Header
Content-Type: text/html; charset=utf-8

Can you please give me an example on how to deal with this? Thanks

Answer 1 · 2013-10-10T21:33:03.000Z

I am doing this manually e.g.

goweb.Map(goweb_http.MethodOptions, "/{*}", func(ctx context.Context) error {
    ctx.HttpResponseWriter().Header().Set("Access-Control-Allow-Origin", "http://localhost:9000")
    ctx.HttpResponseWriter().Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT")
    ctx.HttpResponseWriter().Header().Set("Access-Control-Allow-Headers", "origin, x-requested-with, accept")
    return nil
})

But I wonder if goweb should have some kind of convenience method to do this, if it already have one I haven't found.

Answer 2 · 2013-10-10T21:43:52.000Z

Hmm… that's not a bad idea at all. What kind of interface would you expect?

Do you think it should go into a goweb/cores package?

On 10 Oct 2013, at 15:33, Sebastian Porto notifications@github.com wrote:

I am doing this manually e.g.

goweb.Map(goweb_http.MethodOptions, "/{*}", func(ctx context.Context) error {
ctx.HttpResponseWriter().Header().Set("Access-Control-Allow-Origin", "http://localhost:9000")
ctx.HttpResponseWriter().Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT")
ctx.HttpResponseWriter().Header().Set("Access-Control-Allow-Headers", "origin, x-requested-with, accept")
return nil
})
But I wonder if goweb should have some kind of convenience method to do this, if it already have one I haven't found.

—
Reply to this email directly or view it on GitHub.

Answer 3 · 2013-10-17T10:44:08.000Z

It would be nice to have a simple catch all method like:

goweb.AllowCORSFor(whitelistedDomains, options)

don't really know what kind of options would you pass, I haven't done too much work with CORS yet.

Answer 4 · 2013-10-17T15:10:17.000Z

Would using a MapBefore method work better here?

On 17 Oct 2013, at 04:44, Sebastian Porto notifications@github.com wrote:

It would be nice to have a simple catch all method like:

goweb.AllowCORSFor(whitelistedDomains, options)
don't really know what kind of options would you pass, I haven't done too much work with CORS yet.

—
Reply to this email directly or view it on GitHub.

Answer 5 · 2013-10-17T21:36:52.000Z

Sorry, closed this by mistake, when trying to comment.

Looking at the documentation MapBefore could be more flexible, or it could be some special handler you pass to Map:

goweb.Map(goweb_http.MethodOptions, "/{*}", goweb.CORSHandler(whitelistedDomains))

Answer 6 · 2013-11-05T16:07:23.000Z

I quite like that - fancy doing a PR?

Answer 7 · 2013-11-05T16:12:59.000Z

see https://github.com/stretchr/goweb/wiki/Development-practices

Answer 8 · 2013-11-10T21:28:13.000Z

I would like to, if I can find the spare time to have a go I will do it. Thanks