(r *http.Request, origin string)
| 300 | } |
| 301 | |
| 302 | func (s *Server) isAllowedOrigin(r *http.Request, origin string) bool { |
| 303 | if origin == "" { |
| 304 | return true |
| 305 | } |
| 306 | normalized := normalizeOrigin(origin) |
| 307 | if normalized == "" { |
| 308 | return false |
| 309 | } |
| 310 | if normalized == s.requestOrigin(r) { |
| 311 | return true |
| 312 | } |
| 313 | |
| 314 | cfg := s.currentConfig() |
| 315 | for _, allowed := range cfg.AllowedOrigins { |
| 316 | if normalizeOrigin(allowed) == normalized { |
| 317 | return true |
| 318 | } |
| 319 | } |
| 320 | |
| 321 | if (cfg.DevMode || isLoopbackBind(cfg.Bind)) && isLoopbackOrigin(normalized) { |
| 322 | return true |
| 323 | } |
| 324 | |
| 325 | return false |
| 326 | } |
| 327 | |
| 328 | func (s *Server) corsMiddleware(next http.Handler) http.Handler { |
| 329 | return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
no test coverage detected