authorLibravatar Tobi Smethurst <31960611+tsmethurst@users.noreply.github.com>2021-08-12 21:03:24 +0200
committerLibravatar GitHub <noreply@github.com>2021-08-12 21:03:24 +0200
commit98263a7de64269898a2f81207e38943b5c8e8653 (patch)
tree743c90f109a6c5d27832d1dcef2388d939f0f77a /vendor/github.com/gin-contrib/cors/config.go
parentText duplication fix (#137) (diff)
Grand test fixup (#138)
* start fixing up tests * fix up tests + automate with drone * fiddle with linting * messing about with drone.yml * some more fiddling * hmmm * add cache * add vendor directory * verbose * ci updates * update some little things * update sig
Diffstat (limited to 'vendor/github.com/gin-contrib/cors/config.go')
-rw-r--r--vendor/github.com/gin-contrib/cors/config.go134
1 files changed, 134 insertions, 0 deletions
diff --git a/vendor/github.com/gin-contrib/cors/config.go b/vendor/github.com/gin-contrib/cors/config.go
new file mode 100644
index 000000000..d4fc11801
--- /dev/null
+++ b/vendor/github.com/gin-contrib/cors/config.go
@@ -0,0 +1,134 @@
+package cors
+
+import (
+ "net/http"
+ "strings"
+
+ "github.com/gin-gonic/gin"
+)
+
+type cors struct {
+ allowAllOrigins bool
+ allowCredentials bool
+ allowOriginFunc func(string) bool
+ allowOrigins []string
+ exposeHeaders []string
+ normalHeaders http.Header
+ preflightHeaders http.Header
+ wildcardOrigins [][]string
+}
+
+var (
+ DefaultSchemas = []string{
+ "http://",
+ "https://",
+ }
+ ExtensionSchemas = []string{
+ "chrome-extension://",
+ "safari-extension://",
+ "moz-extension://",
+ "ms-browser-extension://",
+ }
+ FileSchemas = []string{
+ "file://",
+ }
+ WebSocketSchemas = []string{
+ "ws://",
+ "wss://",
+ }
+)
+
+func newCors(config Config) *cors {
+ if err := config.Validate(); err != nil {
+ panic(err.Error())
+ }
+
+ return &cors{
+ allowOriginFunc: config.AllowOriginFunc,
+ allowAllOrigins: config.AllowAllOrigins,
+ allowCredentials: config.AllowCredentials,
+ allowOrigins: normalize(config.AllowOrigins),
+ normalHeaders: generateNormalHeaders(config),
+ preflightHeaders: generatePreflightHeaders(config),
+ wildcardOrigins: config.parseWildcardRules(),
+ }
+}
+
+func (cors *cors) applyCors(c *gin.Context) {
+ origin := c.Request.Header.Get("Origin")
+ if len(origin) == 0 {
+ // request is not a CORS request
+ return
+ }
+ host := c.Request.Host
+
+ if origin == "http://"+host || origin == "https://"+host {
+ // request is not a CORS request but have origin header.
+ // for example, use fetch api
+ return
+ }
+
+ if !cors.validateOrigin(origin) {
+ c.AbortWithStatus(http.StatusForbidden)
+ return
+ }
+
+ if c.Request.Method == "OPTIONS" {
+ cors.handlePreflight(c)
+ defer c.AbortWithStatus(http.StatusNoContent) // Using 204 is better than 200 when the request status is OPTIONS
+ } else {
+ cors.handleNormal(c)
+ }
+
+ if !cors.allowAllOrigins {
+ c.Header("Access-Control-Allow-Origin", origin)
+ }
+}
+
+func (cors *cors) validateWildcardOrigin(origin string) bool {
+ for _, w := range cors.wildcardOrigins {
+ if w[0] == "*" && strings.HasSuffix(origin, w[1]) {
+ return true
+ }
+ if w[1] == "*" && strings.HasPrefix(origin, w[0]) {
+ return true
+ }
+ if strings.HasPrefix(origin, w[0]) && strings.HasSuffix(origin, w[1]) {
+ return true
+ }
+ }
+
+ return false
+}
+
+func (cors *cors) validateOrigin(origin string) bool {
+ if cors.allowAllOrigins {
+ return true
+ }
+ for _, value := range cors.allowOrigins {
+ if value == origin {
+ return true
+ }
+ }
+ if len(cors.wildcardOrigins) > 0 && cors.validateWildcardOrigin(origin) {
+ return true
+ }
+ if cors.allowOriginFunc != nil {
+ return cors.allowOriginFunc(origin)
+ }
+ return false
+}
+
+func (cors *cors) handlePreflight(c *gin.Context) {
+ header := c.Writer.Header()
+ for key, value := range cors.preflightHeaders {
+ header[key] = value
+ }
+}
+
+func (cors *cors) handleNormal(c *gin.Context) {
+ header := c.Writer.Header()
+ for key, value := range cors.normalHeaders {
+ header[key] = value
+ }
+}