CorsConfig generates a config to use in gin cors middleware based on server configuration.
(conf *config.Configuration)
| 12 | |
| 13 | // CorsConfig generates a config to use in gin cors middleware based on server configuration. |
| 14 | func CorsConfig(conf *config.Configuration) cors.Config { |
| 15 | corsConf := cors.Config{ |
| 16 | MaxAge: 12 * time.Hour, |
| 17 | AllowBrowserExtensions: true, |
| 18 | } |
| 19 | if mode.IsDev() { |
| 20 | corsConf.AllowAllOrigins = true |
| 21 | corsConf.AllowMethods = []string{"GET", "POST", "DELETE", "OPTIONS", "PUT"} |
| 22 | corsConf.AllowHeaders = []string{ |
| 23 | "X-Gotify-Key", "Authorization", "Content-Type", "Upgrade", "Origin", |
| 24 | "Connection", "Accept-Encoding", "Accept-Language", "Host", |
| 25 | } |
| 26 | } else { |
| 27 | compiledOrigins := compileAllowedCORSOrigins(conf.Server.Cors.AllowOrigins) |
| 28 | corsConf.AllowMethods = conf.Server.Cors.AllowMethods |
| 29 | corsConf.AllowHeaders = conf.Server.Cors.AllowHeaders |
| 30 | corsConf.AllowOriginFunc = func(origin string) bool { |
| 31 | for _, compiledOrigin := range compiledOrigins { |
| 32 | if compiledOrigin.MatchString(strings.ToLower(origin)) { |
| 33 | return true |
| 34 | } |
| 35 | } |
| 36 | return false |
| 37 | } |
| 38 | if allowedOrigin := headerIgnoreCase(conf, "access-control-allow-origin"); allowedOrigin != "" && len(compiledOrigins) == 0 { |
| 39 | corsConf.AllowOrigins = append(corsConf.AllowOrigins, allowedOrigin) |
| 40 | } |
| 41 | } |
| 42 | |
| 43 | return corsConf |
| 44 | } |
| 45 | |
| 46 | func headerIgnoreCase(conf *config.Configuration, search string) (value string) { |
| 47 | for key, value := range conf.Server.ResponseHeaders { |
searching dependent graphs…