MCPcopy
hub / github.com/esm-dev/esm.sh / cors

Function cors

server/server.go:116–141  ·  view source on GitHub ↗
(allowOrigins []string)

Source from the content-addressed store, hash-verified

114}
115
116func cors(allowOrigins []string) rex.Handle {
117 allowList := set.NewReadOnly(allowOrigins...)
118 return func(ctx *rex.Context) any {
119 origin := ctx.R.Header.Get("Origin")
120 isOptionsMethod := ctx.R.Method == "OPTIONS"
121 h := ctx.W.Header()
122 if allowList.Len() > 0 {
123 if origin != "" {
124 if !allowList.Has(origin) {
125 return rex.Status(403, "forbidden")
126 }
127 setCorsHeaders(h, isOptionsMethod, origin)
128 } else if isOptionsMethod {
129 // not a preflight request
130 return rex.Status(405, "method not allowed")
131 }
132 appendVaryHeader(h, "Origin")
133 } else {
134 setCorsHeaders(h, isOptionsMethod, "*")
135 }
136 if isOptionsMethod {
137 return rex.NoContent()
138 }
139 return ctx.Next()
140 }
141}
142
143func setCorsHeaders(h http.Header, isOptionsMethod bool, origin string) {
144 h.Set("Access-Control-Allow-Origin", origin)

Callers 1

StartFunction · 0.85

Calls 7

setCorsHeadersFunction · 0.85
appendVaryHeaderFunction · 0.85
HeaderMethod · 0.80
HasMethod · 0.80
NextMethod · 0.80
GetMethod · 0.65
LenMethod · 0.45

Tested by

no test coverage detected