Skip to content

Commit

Permalink
public method to check cors domain (#115)
Browse files Browse the repository at this point in the history
  • Loading branch information
alicebob authored Jun 7, 2021
1 parent f9bce55 commit 64821dd
Show file tree
Hide file tree
Showing 3 changed files with 65 additions and 5 deletions.
6 changes: 6 additions & 0 deletions cors.go
Original file line number Diff line number Diff line change
Expand Up @@ -357,6 +357,12 @@ func (c *Cors) logf(format string, a ...interface{}) {
}
}

// check the Origin of a request. No origin at all is also allowed.
func (c *Cors) OriginAllowed(r *http.Request) bool {
origin := r.Header.Get("Origin")
return c.isOriginAllowed(r, origin)
}

// isOriginAllowed checks if a given origin is allowed to perform cross-domain requests
// on the endpoint
func (c *Cors) isOriginAllowed(r *http.Request, origin string) bool {
Expand Down
39 changes: 34 additions & 5 deletions cors_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,11 +40,12 @@ func assertResponse(t *testing.T, res *httptest.ResponseRecorder, responseCode i

func TestSpec(t *testing.T) {
cases := []struct {
name string
options Options
method string
reqHeaders map[string]string
resHeaders map[string]string
name string
options Options
method string
reqHeaders map[string]string
resHeaders map[string]string
originAllowed bool
}{
{
"NoConfig",
Expand All @@ -56,6 +57,7 @@ func TestSpec(t *testing.T) {
map[string]string{
"Vary": "Origin",
},
true,
},
{
"MatchAllOrigin",
Expand All @@ -70,6 +72,7 @@ func TestSpec(t *testing.T) {
"Vary": "Origin",
"Access-Control-Allow-Origin": "*",
},
true,
},
{
"MatchAllOriginWithCredentials",
Expand All @@ -86,6 +89,7 @@ func TestSpec(t *testing.T) {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Credentials": "true",
},
true,
},
{
"AllowedOrigin",
Expand All @@ -100,6 +104,7 @@ func TestSpec(t *testing.T) {
"Vary": "Origin",
"Access-Control-Allow-Origin": "http://foobar.com",
},
true,
},
{
"WildcardOrigin",
Expand All @@ -114,6 +119,7 @@ func TestSpec(t *testing.T) {
"Vary": "Origin",
"Access-Control-Allow-Origin": "http://foo.bar.com",
},
true,
},
{
"DisallowedOrigin",
Expand All @@ -127,6 +133,7 @@ func TestSpec(t *testing.T) {
map[string]string{
"Vary": "Origin",
},
false,
},
{
"DisallowedWildcardOrigin",
Expand All @@ -140,6 +147,7 @@ func TestSpec(t *testing.T) {
map[string]string{
"Vary": "Origin",
},
false,
},
{
"AllowedOriginFuncMatch",
Expand All @@ -156,6 +164,7 @@ func TestSpec(t *testing.T) {
"Vary": "Origin",
"Access-Control-Allow-Origin": "http://foobar.com",
},
true,
},
{
"AllowOriginRequestFuncMatch",
Expand All @@ -173,6 +182,7 @@ func TestSpec(t *testing.T) {
"Vary": "Origin",
"Access-Control-Allow-Origin": "http://foobar.com",
},
true,
},
{
"AllowOriginRequestFuncNotMatch",
Expand All @@ -189,6 +199,7 @@ func TestSpec(t *testing.T) {
map[string]string{
"Vary": "Origin",
},
false,
},
{
"MaxAge",
Expand All @@ -208,6 +219,7 @@ func TestSpec(t *testing.T) {
"Access-Control-Allow-Methods": "GET",
"Access-Control-Max-Age": "10",
},
true,
},
{
"AllowedMethod",
Expand All @@ -225,6 +237,7 @@ func TestSpec(t *testing.T) {
"Access-Control-Allow-Origin": "http://foobar.com",
"Access-Control-Allow-Methods": "PUT",
},
true,
},
{
"DisallowedMethod",
Expand All @@ -240,6 +253,7 @@ func TestSpec(t *testing.T) {
map[string]string{
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
},
true,
},
{
"AllowedHeaders",
Expand All @@ -259,6 +273,7 @@ func TestSpec(t *testing.T) {
"Access-Control-Allow-Methods": "GET",
"Access-Control-Allow-Headers": "X-Header-2, X-Header-1",
},
true,
},
{
"DefaultAllowedHeaders",
Expand All @@ -278,6 +293,7 @@ func TestSpec(t *testing.T) {
"Access-Control-Allow-Methods": "GET",
"Access-Control-Allow-Headers": "X-Requested-With",
},
true,
},
{
"AllowedWildcardHeader",
Expand All @@ -297,6 +313,7 @@ func TestSpec(t *testing.T) {
"Access-Control-Allow-Methods": "GET",
"Access-Control-Allow-Headers": "X-Header-2, X-Header-1",
},
true,
},
{
"DisallowedHeader",
Expand All @@ -313,6 +330,7 @@ func TestSpec(t *testing.T) {
map[string]string{
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
},
true,
},
{
"OriginHeader",
Expand All @@ -331,6 +349,7 @@ func TestSpec(t *testing.T) {
"Access-Control-Allow-Methods": "GET",
"Access-Control-Allow-Headers": "Origin",
},
true,
},
{
"ExposedHeader",
Expand All @@ -347,6 +366,7 @@ func TestSpec(t *testing.T) {
"Access-Control-Allow-Origin": "http://foobar.com",
"Access-Control-Expose-Headers": "X-Header-1, X-Header-2",
},
true,
},
{
"AllowedCredentials",
Expand All @@ -365,6 +385,7 @@ func TestSpec(t *testing.T) {
"Access-Control-Allow-Methods": "GET",
"Access-Control-Allow-Credentials": "true",
},
true,
},
{
"OptionPassthrough",
Expand All @@ -381,6 +402,7 @@ func TestSpec(t *testing.T) {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET",
},
true,
},
{
"NonPreflightOptions",
Expand All @@ -395,6 +417,7 @@ func TestSpec(t *testing.T) {
"Vary": "Origin",
"Access-Control-Allow-Origin": "http://foobar.com",
},
true,
},
}
for i := range cases {
Expand All @@ -407,6 +430,12 @@ func TestSpec(t *testing.T) {
req.Header.Add(name, value)
}

t.Run("OriginAllowed", func(t *testing.T) {
if have, want := s.OriginAllowed(req), tc.originAllowed; have != want {
t.Errorf("OriginAllowed have: %t want: %t", have, want)
}
})

t.Run("Handler", func(t *testing.T) {
res := httptest.NewRecorder()
s.Handler(testHandler).ServeHTTP(res, req)
Expand Down
25 changes: 25 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
github.com/gin-gonic/gin v1.5.0 h1:fi+bqFAx/oLK54somfCtEZs9HeH1LHVoEPUgARpTqyc=
github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do=
github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM=
github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw=
github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=
gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

0 comments on commit 64821dd

Please sign in to comment.