mirror of
https://github.com/stashapp/stash.git
synced 2025-12-16 05:13:46 +01:00
b4b7cf02b6
* Fix relative URLs * Improve login base URL and redirects * Prevent duplicate customlocales requests * Improve UI base URL handling * Improve UI embedding * Improve CSP header * Add Cache-Control headers to all responses * Improve CORS responses * Improve authentication handler * Add back media timestamp suffixes * Fix default image handling * Add default param to other image URLs |
||
|---|---|---|
| .. | ||
| cors.go | ||
| LICENSE | ||
| README.md | ||
| utils.go | ||
CORS net/http middleware
go-chi/cors is a fork of github.com/rs/cors that
provides a net/http compatible middleware for performing preflight CORS checks on the server side. These headers
are required for using the browser native Fetch API.
This middleware is designed to be used as a top-level middleware on the chi router.
Applying with within a r.Group() or using With() will not work without routes matching OPTIONS added.
Usage
func main() {
r := chi.NewRouter()
// Basic CORS
// for more ideas, see: https://developer.github.com/v3/#cross-origin-resource-sharing
r.Use(cors.Handler(cors.Options{
// AllowedOrigins: []string{"https://foo.com"}, // Use this to allow specific origin hosts
AllowedOrigins: []string{"https://*", "http://*"},
// AllowOriginFunc: func(r *http.Request, origin string) bool { return true },
AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
ExposedHeaders: []string{"Link"},
AllowCredentials: false,
MaxAge: 300, // Maximum value not ignored by any of major browsers
}))
r.Get("/", func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("welcome"))
})
http.ListenAndServe(":3000", r)
}
Credits
All credit for the original work of this middleware goes out to github.com/rs.