20 lines
711 B
Go
20 lines
711 B
Go
package middleware
|
|
|
|
import "net/http"
|
|
|
|
// CORS wraps next with permissive CORS headers and short-circuits OPTIONS preflight.
|
|
//
|
|
// This service is meant to sit behind an authenticated gateway, so we set
|
|
// "Access-Control-Allow-Origin: *". Tighten this if you deploy elsewhere.
|
|
func CORS(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Access-Control-Allow-Origin", "*")
|
|
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS")
|
|
w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
|
|
if r.Method == http.MethodOptions {
|
|
w.WriteHeader(http.StatusNoContent)
|
|
return
|
|
}
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|