jonas/go-playground
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: middleware, expvar

Browse Source
This commit is contained in:
Jonas
2026-04-27 14:02:26 +02:00
parent 2fd3a1d57b
commit 7affd35ae4
5 changed files with 44 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
projects/greenlight/cmd/api/middleware.go
+18 -9
View File
@@ -247,27 +247,36 @@ func (app *application) requirePermission(code string, next http.HandlerFunc) ht
func (app *application) enableCORS(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Add the "Vary: Origin" header.
w.Header().Add("Vary", "Origin")
// Get the value of the request's Origin header.
// Add the "Vary: Access-Control-Request-Method" header.
w.Header().Add("Vary", "Access-Control-Request-Method")
origin := r.Header.Get("Origin")
// Only run this if there's an Origin request header present AND at least one
// trusted origin is configured.
if origin != "" && len(app.config.cors.trustedOrigins) != 0 {
// Loop through the list of trusted origins, checking to see if the request
// origin exactly matches one of them.
for i := range app.config.cors.trustedOrigins {
if origin == app.config.cors.trustedOrigins[i] {
// If there is a match, then set a "Access-Control-Allow-Origin
// response header with the request origin as the value.
w.Header().Set("Access-Control-Allow-Origin", origin)
// Check if the request has the HTTP method OPTIONS and contains the
// "Access-Control-Request-Method" header. If it does, then we treat
// it as a preflight request.
if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
// Set the necessary preflight response headers, as discussed
// previously.
w.Header().Set("Access-Control-Allow-Methods", "OPTIONS, PUT, PATCH, DELETE")
w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
// Write the headers along with a 200 OK status and return from
// the // the middleware with no further action.
w.WriteHeader(http.StatusOK)
return
}
}
}
}
// Call the next handler in the chain.
next.ServeHTTP(w, r)
})
}