diff options
| author |  Terin Stock <terinjokes@gmail.com> | 2025-03-09 17:47:56 +0100 |
|---|---|---|
| committer | Terin Stock <terinjokes@gmail.com> | 2025-12-01 22:08:04 +0100 |
| commit | b1af8fd87760b34e3ff2fd3bda38f211815a0473 (patch) | |
| tree | 9317fad1a7ec298d7a8d2678e4e422953bbc6f33 /vendor/github.com/gin-contrib/cors | |
| parent | [chore] update URLs to forked source (diff) | |
| download | gotosocial-b1af8fd87760b34e3ff2fd3bda38f211815a0473.tar.xz | |
[chore] remove vendor
Diffstat (limited to 'vendor/github.com/gin-contrib/cors')
| -rw-r--r-- | vendor/github.com/gin-contrib/cors/.gitignore | 25 | ||||
| -rw-r--r-- | vendor/github.com/gin-contrib/cors/.golangci.yml | 50 | ||||
| -rw-r--r-- | vendor/github.com/gin-contrib/cors/.goreleaser.yaml | 28 | ||||
| -rw-r--r-- | vendor/github.com/gin-contrib/cors/LICENSE | 21 | ||||
| -rw-r--r-- | vendor/github.com/gin-contrib/cors/README.md | 246 | ||||
| -rw-r--r-- | vendor/github.com/gin-contrib/cors/config.go | 167 | ||||
| -rw-r--r-- | vendor/github.com/gin-contrib/cors/cors.go | 208 | ||||
| -rw-r--r-- | vendor/github.com/gin-contrib/cors/utils.go | 90 |
8 files changed, 0 insertions, 835 deletions
diff --git a/vendor/github.com/gin-contrib/cors/.gitignore b/vendor/github.com/gin-contrib/cors/.gitignore deleted file mode 100644 index 002df848c..000000000 --- a/vendor/github.com/gin-contrib/cors/.gitignore +++ /dev/null @@ -1,25 +0,0 @@ -*.o -*.a -*.so - -_obj -_test - -*.[568vq] -[568vq].out - -*.cgo1.go -*.cgo2.c -_cgo_defun.c -_cgo_gotypes.go -_cgo_export.* - -_testmain.go - -*.exe -*.test -*.prof - -coverage.out - -.idea diff --git a/vendor/github.com/gin-contrib/cors/.golangci.yml b/vendor/github.com/gin-contrib/cors/.golangci.yml deleted file mode 100644 index 47094ac61..000000000 --- a/vendor/github.com/gin-contrib/cors/.golangci.yml +++ /dev/null @@ -1,50 +0,0 @@ -version: "2" -linters: - default: none - enable: - - bodyclose - - dogsled - - dupl - - errcheck - - exhaustive - - gochecknoinits - - goconst - - gocritic - - gocyclo - - goprintffuncname - - gosec - - govet - - ineffassign - - lll - - misspell - - nakedret - - noctx - - nolintlint - - rowserrcheck - - staticcheck - - unconvert - - unparam - - unused - - whitespace - exclusions: - generated: lax - presets: - - comments - - common-false-positives - - legacy - - std-error-handling - paths: - - third_party$ - - builtin$ - - examples$ -formatters: - enable: - - gofmt - - gofumpt - - goimports - exclusions: - generated: lax - paths: - - third_party$ - - builtin$ - - examples$ diff --git a/vendor/github.com/gin-contrib/cors/.goreleaser.yaml b/vendor/github.com/gin-contrib/cors/.goreleaser.yaml deleted file mode 100644 index 01b1081cf..000000000 --- a/vendor/github.com/gin-contrib/cors/.goreleaser.yaml +++ /dev/null @@ -1,28 +0,0 @@ -builds: - - # If true, skip the build. - # Useful for library projects. - # Default is false - skip: true - -changelog: - use: github - groups: - - title: Features - regexp: "^.*feat[(\\w)]*:+.*$" - order: 0 - - title: "Bug fixes" - regexp: "^.*fix[(\\w)]*:+.*$" - order: 1 - - title: "Enhancements" - regexp: "^.*chore[(\\w)]*:+.*$" - order: 2 - - title: "Refactor" - regexp: "^.*refactor[(\\w)]*:+.*$" - order: 3 - - title: "Build process updates" - regexp: ^.*?(build|ci)(\(.+\))??!?:.+$ - order: 4 - - title: "Documentation updates" - regexp: ^.*?docs?(\(.+\))??!?:.+$ - order: 4 - - title: Others diff --git a/vendor/github.com/gin-contrib/cors/LICENSE b/vendor/github.com/gin-contrib/cors/LICENSE deleted file mode 100644 index 4e2cfb015..000000000 --- a/vendor/github.com/gin-contrib/cors/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2016 Gin-Gonic - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/vendor/github.com/gin-contrib/cors/README.md b/vendor/github.com/gin-contrib/cors/README.md deleted file mode 100644 index a8747dd6a..000000000 --- a/vendor/github.com/gin-contrib/cors/README.md +++ /dev/null @@ -1,246 +0,0 @@ -# gin-contrib/cors - -[](https://github.com/gin-contrib/cors/actions/workflows/go.yml) -[](https://codecov.io/gh/gin-contrib/cors) -[](https://goreportcard.com/report/github.com/gin-contrib/cors) -[](https://godoc.org/github.com/gin-contrib/cors) - -- [gin-contrib/cors](#gin-contribcors) - - [Overview](#overview) - - [Installation](#installation) - - [Quick Start](#quick-start) - - [Advanced Usage](#advanced-usage) - - [Custom Configuration](#custom-configuration) - - [DefaultConfig Reference](#defaultconfig-reference) - - [Default() Convenience](#default-convenience) - - [Configuration Reference](#configuration-reference) - - [Notes on Configuration](#notes-on-configuration) - - [Examples](#examples) - - [Advanced Options](#advanced-options) - - [Custom Origin Validation](#custom-origin-validation) - - [With Gin Context](#with-gin-context) - - [Helper Methods](#helper-methods) - - [Validation \& Error Handling](#validation--error-handling) - - [Important Notes](#important-notes) - ---- - -## Overview - -**CORS (Cross-Origin Resource Sharing)** middleware for [Gin](https://github.com/gin-gonic/gin). - -- Enables flexible CORS handling for your Gin-based APIs. -- Highly configurable: origins, methods, headers, credentials, and more. - ---- - -## Installation - -```sh -go get github.com/gin-contrib/cors -``` - -Import in your Go code: - -```go -import "github.com/gin-contrib/cors" -``` - ---- - -## Quick Start - -Allow all origins (default): - -```go -import ( - "github.com/gin-contrib/cors" - "github.com/gin-gonic/gin" -) - -func main() { - router := gin.Default() - router.Use(cors.Default()) // All origins allowed by default - router.Run() -} -``` - -> ⚠️ **Warning:** Allowing all origins disables cookies for clients. For credentialed requests, **do not** allow all origins. - ---- - -## Advanced Usage - -### Custom Configuration - -Configure allowed origins, methods, headers, and more: - -```go -import ( - "time" - "github.com/gin-contrib/cors" - "github.com/gin-gonic/gin" -) - -func main() { - router := gin.Default() - router.Use(cors.New(cors.Config{ - AllowOrigins: []string{"https://foo.com"}, - AllowMethods: []string{"PUT", "PATCH"}, - AllowHeaders: []string{"Origin"}, - ExposeHeaders: []string{"Content-Length"}, - AllowCredentials: true, - AllowOriginFunc: func(origin string) bool { - return origin == "https://github.com" - }, - MaxAge: 12 * time.Hour, - })) - router.Run() -} -``` - ---- - -### DefaultConfig Reference - -Start with library defaults and customize as needed: - -```go -import ( - "github.com/gin-contrib/cors" - "github.com/gin-gonic/gin" -) - -func main() { - router := gin.Default() - config := cors.DefaultConfig() - config.AllowOrigins = []string{"http://google.com"} - // config.AllowOrigins = []string{"http://google.com", "http://facebook.com"} - // config.AllowAllOrigins = true - - router.Use(cors.New(config)) - router.Run() -} -``` - -> **Note:** `Default()` allows all origins, but `DefaultConfig()` does **not**. To allow all origins, set `AllowAllOrigins = true`. - ---- - -### Default() Convenience - -Enable all origins with a single call: - -```go -router.Use(cors.Default()) // Equivalent to AllowAllOrigins = true -``` - ---- - -## Configuration Reference - -The middleware is controlled via the `cors.Config` struct. All fields are optional unless otherwise stated. - -| Field | Type | Default | Description | -|-------------------------------|-----------------------------|-----------------------------------------------------------|-----------------------------------------------------------------------------------------------| -| `AllowAllOrigins` | `bool` | `false` | If true, allows all origins. Credentials **cannot** be used. | -| `AllowOrigins` | `[]string` | `[]` | List of allowed origins. Supports exact match, `*`, and wildcards. | -| `AllowOriginFunc` | `func(string) bool` | `nil` | Custom function to validate origin. If set, `AllowOrigins` is ignored. | -| `AllowOriginWithContextFunc` | `func(*gin.Context,string)bool` | `nil` | Like `AllowOriginFunc`, but with request context. | -| `AllowMethods` | `[]string` | `[]string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"}` | Allowed HTTP methods. | -| `AllowPrivateNetwork` | `bool` | `false` | Adds [Private Network Access](https://wicg.github.io/private-network-access/) CORS header. | -| `AllowHeaders` | `[]string` | `[]` | List of non-simple headers permitted in requests. | -| `AllowCredentials` | `bool` | `false` | Allow cookies, HTTP auth, or client certs. Only if precise origins are used. | -| `ExposeHeaders` | `[]string` | `[]` | Headers exposed to the browser. | -| `MaxAge` | `time.Duration` | `12 * time.Hour` | Cache time for preflight requests. | -| `AllowWildcard` | `bool` | `false` | Enables wildcards in origins (e.g. `https://*.example.com`). | -| `AllowBrowserExtensions` | `bool` | `false` | Allow browser extension schemes as origins (e.g. `chrome-extension://`). | -| `CustomSchemas` | `[]string` | `nil` | Additional allowed URI schemes (e.g. `tauri://`). | -| `AllowWebSockets` | `bool` | `false` | Allow `ws://` and `wss://` schemas. | -| `AllowFiles` | `bool` | `false` | Allow `file://` origins (dangerous; use only if necessary). | -| `OptionsResponseStatusCode` | `int` | `204` | Custom status code for `OPTIONS` responses. | - ---- - -### Notes on Configuration - -- Only one of `AllowAllOrigins`, `AllowOrigins`, `AllowOriginFunc`, or `AllowOriginWithContextFunc` should be set. -- If `AllowAllOrigins` is true, other origin settings are ignored and credentialed requests are not allowed. -- If `AllowWildcard` is enabled, only one `*` is allowed per origin string. -- Use `AllowBrowserExtensions`, `AllowWebSockets`, or `AllowFiles` to permit non-HTTP(s) protocols as origins. -- Custom schemas allow, for example, usage in desktop apps via custom URI schemes (`tauri://`, etc.). -- If both `AllowOriginFunc` and `AllowOriginWithContextFunc` are set, the context-specific function is preferred. - ---- - -### Examples - -#### Advanced Options - -```go -config := cors.Config{ - AllowOrigins: []string{"https://*.foo.com", "https://bar.com"}, - AllowWildcard: true, - AllowMethods: []string{"GET", "POST"}, - AllowHeaders: []string{"Authorization", "Content-Type"}, - AllowCredentials: true, - AllowBrowserExtensions: true, - AllowWebSockets: true, - AllowFiles: false, - CustomSchemas: []string{"tauri://"}, - MaxAge: 24 * time.Hour, - ExposeHeaders: []string{"X-Custom-Header"}, - AllowPrivateNetwork: true, -} -``` - -#### Custom Origin Validation - -```go -config := cors.Config{ - AllowOriginFunc: func(origin string) bool { - // Allow any github.com subdomain or a custom rule - return strings.HasSuffix(origin, "github.com") - }, -} -``` - -#### With Gin Context - -```go -config := cors.Config{ - AllowOriginWithContextFunc: func(c *gin.Context, origin string) bool { - // Allow only if a certain header is present - return c.Request.Header.Get("X-Allow-CORS") == "yes" - }, -} -``` - ---- - -## Helper Methods - -Dynamically add methods or headers to the config: - -```go -config.AddAllowMethods("DELETE", "OPTIONS") -config.AddAllowHeaders("X-My-Header") -config.AddExposeHeaders("X-Other-Header") -``` - ---- - -## Validation & Error Handling - -- Calling `Validate()` on a `Config` checks for misconfiguration (called internally). -- If `AllowAllOrigins` is set, you cannot also set `AllowOrigins` or any `AllowOriginFunc`. -- If neither `AllowAllOrigins`, `AllowOriginFunc`, nor `AllowOrigins` is set, an error is raised. -- If an `AllowOrigin` contains a wildcard but `AllowWildcard` is not enabled, or more than one `*` is present, a panic is triggered. -- Invalid origin schemas or unsupported wildcards are rejected. - ---- - -## Important Notes - -- **Enabling all origins disables cookies:** When `AllowAllOrigins` is enabled, Gin cannot set cookies for clients. If you need credential sharing (cookies, authentication headers), **do not** allow all origins. -- For detailed documentation and configuration options, see the [GoDoc](https://godoc.org/github.com/gin-contrib/cors). diff --git a/vendor/github.com/gin-contrib/cors/config.go b/vendor/github.com/gin-contrib/cors/config.go deleted file mode 100644 index 76e15a880..000000000 --- a/vendor/github.com/gin-contrib/cors/config.go +++ /dev/null @@ -1,167 +0,0 @@ -package cors - -import ( - "net/http" - "regexp" - "strings" - - "github.com/gin-gonic/gin" -) - -type cors struct { - allowAllOrigins bool - allowCredentials bool - allowOriginFunc func(string) bool - allowOriginWithContextFunc func(*gin.Context, string) bool - allowOrigins []string - normalHeaders http.Header - preflightHeaders http.Header - wildcardOrigins [][]string - optionsResponseStatusCode int -} - -var ( - DefaultSchemas = []string{ - "http://", - "https://", - } - ExtensionSchemas = []string{ - "chrome-extension://", - "safari-extension://", - "moz-extension://", - "ms-browser-extension://", - } - FileSchemas = []string{ - "file://", - } - WebSocketSchemas = []string{ - "ws://", - "wss://", - } -) - -func newCors(config Config) *cors { - if err := config.Validate(); err != nil { - panic(err.Error()) - } - - for _, origin := range config.AllowOrigins { - if origin == "*" { - config.AllowAllOrigins = true - } - } - - if config.OptionsResponseStatusCode == 0 { - config.OptionsResponseStatusCode = http.StatusNoContent - } - - return &cors{ - allowOriginFunc: config.AllowOriginFunc, - allowOriginWithContextFunc: config.AllowOriginWithContextFunc, - allowAllOrigins: config.AllowAllOrigins, - allowCredentials: config.AllowCredentials, - allowOrigins: normalize(config.AllowOrigins), - normalHeaders: generateNormalHeaders(config), - preflightHeaders: generatePreflightHeaders(config), - wildcardOrigins: config.parseWildcardRules(), - optionsResponseStatusCode: config.OptionsResponseStatusCode, - } -} - -func (cors *cors) applyCors(c *gin.Context) { - origin := c.Request.Header.Get("Origin") - if len(origin) == 0 { - // request is not a CORS request - return - } - host := c.Request.Host - - if origin == "http://"+host || origin == "https://"+host { - // request is not a CORS request but have origin header. - // for example, use fetch api - return - } - - if !cors.isOriginValid(c, origin) { - c.AbortWithStatus(http.StatusForbidden) - return - } - - if c.Request.Method == http.MethodOptions { - cors.handlePreflight(c) - defer c.AbortWithStatus(cors.optionsResponseStatusCode) - } else { - cors.handleNormal(c) - } - - if !cors.allowAllOrigins { - c.Header("Access-Control-Allow-Origin", origin) - } -} - -func (cors *cors) validateWildcardOrigin(origin string) bool { - for _, w := range cors.wildcardOrigins { - if w[0] == "*" && strings.HasSuffix(origin, w[1]) { - return true - } - if w[1] == "*" && strings.HasPrefix(origin, w[0]) { - return true - } - if strings.HasPrefix(origin, w[0]) && strings.HasSuffix(origin, w[1]) { - return true - } - } - - return false -} - -func (cors *cors) isOriginValid(c *gin.Context, origin string) bool { - valid := cors.validateOrigin(origin) - if !valid && cors.allowOriginWithContextFunc != nil { - valid = cors.allowOriginWithContextFunc(c, origin) - } - return valid -} - -var originRegex = regexp.MustCompile(`^/(.+)/[gimuy]?$`) - -func (cors *cors) validateOrigin(origin string) bool { - if cors.allowAllOrigins { - return true - } - - for _, value := range cors.allowOrigins { - if !originRegex.MatchString(value) && value == origin { - return true - } - - if originRegex.MatchString(value) && - regexp.MustCompile(originRegex.FindStringSubmatch(value)[1]).MatchString(origin) { - return true - } - } - - if len(cors.wildcardOrigins) > 0 && cors.validateWildcardOrigin(origin) { - return true - } - - if cors.allowOriginFunc != nil { - return cors.allowOriginFunc(origin) - } - - return false -} - -func (cors *cors) handlePreflight(c *gin.Context) { - header := c.Writer.Header() - for key, value := range cors.preflightHeaders { - header[key] = value - } -} - -func (cors *cors) handleNormal(c *gin.Context) { - header := c.Writer.Header() - for key, value := range cors.normalHeaders { - header[key] = value - } -} diff --git a/vendor/github.com/gin-contrib/cors/cors.go b/vendor/github.com/gin-contrib/cors/cors.go deleted file mode 100644 index cacb34a6c..000000000 --- a/vendor/github.com/gin-contrib/cors/cors.go +++ /dev/null @@ -1,208 +0,0 @@ -package cors - -import ( - "errors" - "fmt" - "regexp" - "strings" - "time" - - "github.com/gin-gonic/gin" -) - -// Config represents all available options for the middleware. -type Config struct { - AllowAllOrigins bool - - // AllowOrigins is a list of origins a cross-domain request can be executed from. - // If the special "*" value is present in the list, all origins will be allowed. - // Default value is [] - AllowOrigins []string - - // AllowOriginFunc is a custom function to validate the origin. It takes the origin - // as an argument and returns true if allowed or false otherwise. If this option is - // set, the content of AllowOrigins is ignored. - AllowOriginFunc func(origin string) bool - - // Same as AllowOriginFunc except also receives the full request context. - // This function should use the context as a read only source and not - // have any side effects on the request, such as aborting or injecting - // values on the request. - AllowOriginWithContextFunc func(c *gin.Context, origin string) bool - - // AllowMethods is a list of methods the client is allowed to use with - // cross-domain requests. Default value is simple methods (GET, POST, PUT, PATCH, DELETE, HEAD, and OPTIONS) - AllowMethods []string - - // AllowPrivateNetwork indicates whether the response should include allow private network header - AllowPrivateNetwork bool - - // AllowHeaders is list of non simple headers the client is allowed to use with - // cross-domain requests. - AllowHeaders []string - - // AllowCredentials indicates whether the request can include user credentials like - // cookies, HTTP authentication or client side SSL certificates. - AllowCredentials bool - - // ExposeHeaders indicates which headers are safe to expose to the API of a CORS - // API specification - ExposeHeaders []string - - // MaxAge indicates how long (with second-precision) the results of a preflight request - // can be cached - MaxAge time.Duration - - // Allows to add origins like http://some-domain/*, https://api.* or http://some.*.subdomain.com - AllowWildcard bool - - // Allows usage of popular browser extensions schemas - AllowBrowserExtensions bool - - // Allows to add custom schema like tauri:// - CustomSchemas []string - - // Allows usage of WebSocket protocol - AllowWebSockets bool - - // Allows usage of file:// schema (dangerous!) use it only when you 100% sure it's needed - AllowFiles bool - - // Allows to pass custom OPTIONS response status code for old browsers / clients - OptionsResponseStatusCode int -} - -// AddAllowMethods is allowed to add custom methods -func (c *Config) AddAllowMethods(methods ...string) { - c.AllowMethods = append(c.AllowMethods, methods...) -} - -// AddAllowHeaders is allowed to add custom headers -func (c *Config) AddAllowHeaders(headers ...string) { - c.AllowHeaders = append(c.AllowHeaders, headers...) -} - -// AddExposeHeaders is allowed to add custom expose headers -func (c *Config) AddExposeHeaders(headers ...string) { - c.ExposeHeaders = append(c.ExposeHeaders, headers...) -} - -func (c Config) getAllowedSchemas() []string { - allowedSchemas := DefaultSchemas - if c.AllowBrowserExtensions { - allowedSchemas = append(allowedSchemas, ExtensionSchemas...) - } - if c.AllowWebSockets { - allowedSchemas = append(allowedSchemas, WebSocketSchemas...) - } - if c.AllowFiles { - allowedSchemas = append(allowedSchemas, FileSchemas...) - } - if c.CustomSchemas != nil { - allowedSchemas = append(allowedSchemas, c.CustomSchemas...) - } - return allowedSchemas -} - -var regexpBasedOrigin = regexp.MustCompile(`^\/(.+)\/[gimuy]?$`) - -func (c Config) validateAllowedSchemas(origin string) bool { - allowedSchemas := c.getAllowedSchemas() - - if regexpBasedOrigin.MatchString(origin) { - // Normalize regexp-based origins - origin = regexpBasedOrigin.FindStringSubmatch(origin)[1] - origin = strings.Replace(origin, "?", "", 1) - } - - for _, schema := range allowedSchemas { - if strings.HasPrefix(origin, schema) { - return true - } - } - return false -} - -// Validate is check configuration of user defined. -func (c Config) Validate() error { - hasOriginFn := c.AllowOriginFunc != nil - hasOriginFn = hasOriginFn || c.AllowOriginWithContextFunc != nil - - if c.AllowAllOrigins && (hasOriginFn || len(c.AllowOrigins) > 0) { - originFields := strings.Join([]string{ - "AllowOriginFunc", - "AllowOriginFuncWithContext", - "AllowOrigins", - }, " or ") - return fmt.Errorf( - "conflict settings: all origins enabled. %s is not needed", - originFields, - ) - } - if !c.AllowAllOrigins && !hasOriginFn && len(c.AllowOrigins) == 0 { - return errors.New("conflict settings: all origins disabled") - } - for _, origin := range c.AllowOrigins { - if !strings.Contains(origin, "*") && !c.validateAllowedSchemas(origin) { - return errors.New("bad origin: origins must contain '*' or include " + strings.Join(c.getAllowedSchemas(), ",")) - } - } - return nil -} - -func (c Config) parseWildcardRules() [][]string { - var wRules [][]string - - if !c.AllowWildcard { - return wRules - } - - for _, o := range c.AllowOrigins { - if !strings.Contains(o, "*") { - continue - } - - if c := strings.Count(o, "*"); c > 1 { - panic(errors.New("only one * is allowed").Error()) - } - - i := strings.Index(o, "*") - if i == 0 { - wRules = append(wRules, []string{"*", o[1:]}) - continue - } - if i == (len(o) - 1) { - wRules = append(wRules, []string{o[:i], "*"}) - continue - } - - wRules = append(wRules, []string{o[:i], o[i+1:]}) - } - - return wRules -} - -// DefaultConfig returns a generic default configuration mapped to localhost. -func DefaultConfig() Config { - return Config{ - AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"}, - AllowHeaders: []string{"Origin", "Content-Length", "Content-Type"}, - AllowCredentials: false, - MaxAge: 12 * time.Hour, - } -} - -// Default returns the location middleware with default configuration. -func Default() gin.HandlerFunc { - config := DefaultConfig() - config.AllowAllOrigins = true - return New(config) -} - -// New returns the location middleware with user-defined custom configuration. -func New(config Config) gin.HandlerFunc { - cors := newCors(config) - return func(c *gin.Context) { - cors.applyCors(c) - } -} diff --git a/vendor/github.com/gin-contrib/cors/utils.go b/vendor/github.com/gin-contrib/cors/utils.go deleted file mode 100644 index b98e90b8c..000000000 --- a/vendor/github.com/gin-contrib/cors/utils.go +++ /dev/null @@ -1,90 +0,0 @@ -package cors - -import ( - "net/http" - "strconv" - "strings" - "time" -) - -type converter func(string) string - -func generateNormalHeaders(c Config) http.Header { - headers := make(http.Header) - if c.AllowCredentials { - headers.Set("Access-Control-Allow-Credentials", "true") - } - if len(c.ExposeHeaders) > 0 { - exposeHeaders := convert(normalize(c.ExposeHeaders), http.CanonicalHeaderKey) - headers.Set("Access-Control-Expose-Headers", strings.Join(exposeHeaders, ",")) - } - if c.AllowAllOrigins { - headers.Set("Access-Control-Allow-Origin", "*") - } else { - headers.Set("Vary", "Origin") - } - return headers -} - -func generatePreflightHeaders(c Config) http.Header { - headers := make(http.Header) - if c.AllowCredentials { - headers.Set("Access-Control-Allow-Credentials", "true") - } - if len(c.AllowMethods) > 0 { - allowMethods := convert(normalize(c.AllowMethods), strings.ToUpper) - value := strings.Join(allowMethods, ",") - headers.Set("Access-Control-Allow-Methods", value) - } - if len(c.AllowHeaders) > 0 { - allowHeaders := convert(normalize(c.AllowHeaders), http.CanonicalHeaderKey) - value := strings.Join(allowHeaders, ",") - headers.Set("Access-Control-Allow-Headers", value) - } - if c.MaxAge > time.Duration(0) { - value := strconv.FormatInt(int64(c.MaxAge/time.Second), 10) - headers.Set("Access-Control-Max-Age", value) - } - - if c.AllowPrivateNetwork { - headers.Set("Access-Control-Allow-Private-Network", "true") - } - - if c.AllowAllOrigins { - headers.Set("Access-Control-Allow-Origin", "*") - } else { - // Always set Vary headers - // see https://github.com/rs/cors/issues/10, - // https://github.com/rs/cors/commit/dbdca4d95feaa7511a46e6f1efb3b3aa505bc43f#commitcomment-12352001 - - headers.Add("Vary", "Origin") - headers.Add("Vary", "Access-Control-Request-Method") - headers.Add("Vary", "Access-Control-Request-Headers") - } - return headers -} - -func normalize(values []string) []string { - if values == nil { - return nil - } - distinctMap := make(map[string]bool, len(values)) - normalized := make([]string, 0, len(values)) - for _, value := range values { - value = strings.TrimSpace(value) - value = strings.ToLower(value) - if _, seen := distinctMap[value]; !seen { - normalized = append(normalized, value) - distinctMap[value] = true - } - } - return normalized -} - -func convert(s []string, c converter) []string { - var out []string - for _, i := range s { - out = append(out, c(i)) - } - return out -} |