Question: What is the easiest way to deal with CORS?

[sporto]

I have a client app in a different domain so the browser is trying to do a preflight request. e.g.

OPTIONS /accounts HTTP/1.1
Host    localhost:5000
Access-Control-Request-Method   GET
Origin  http://localhost:9000
Access-Control-Request-Headers  accept, x-requested-with
Accept  */*
Referer http://localhost:9000/
...

I would like goweb to generate the necessary response for any request coming for a particular url e.g.

Access-Control-Allow-Origin: http://localhost:9000
Access-Control-Allow-Methods: GET, POST, PUT
Access-Control-Allow-Headers: X-Custom-Header
Content-Type: text/html; charset=utf-8

Can you please give me an example on how to deal with this? Thanks

[sporto]

I am doing this manually e.g.

goweb.Map(goweb_http.MethodOptions, "/{*}", func(ctx context.Context) error {
    ctx.HttpResponseWriter().Header().Set("Access-Control-Allow-Origin", "http://localhost:9000")
    ctx.HttpResponseWriter().Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT")
    ctx.HttpResponseWriter().Header().Set("Access-Control-Allow-Headers", "origin, x-requested-with, accept")
    return nil
})

But I wonder if goweb should have some kind of convenience method to do this, if it already have one I haven't found.

[matryer]

Hmm… that's not a bad idea at all. What kind of interface would you expect?

Do you think it should go into a goweb/cores package?

On 10 Oct 2013, at 15:33, Sebastian Porto [email protected] wrote:

I am doing this manually e.g.

goweb.Map(goweb_http.MethodOptions, "/{*}", func(ctx context.Context) error {
ctx.HttpResponseWriter().Header().Set("Access-Control-Allow-Origin", "http://localhost:9000")
ctx.HttpResponseWriter().Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT")
ctx.HttpResponseWriter().Header().Set("Access-Control-Allow-Headers", "origin, x-requested-with, accept")
return nil
})
But I wonder if goweb should have some kind of convenience method to do this, if it already have one I haven't found.

—
Reply to this email directly or view it on GitHub.

[sporto]

It would be nice to have a simple catch all method like:

goweb.AllowCORSFor(whitelistedDomains, options)

don't really know what kind of options would you pass, I haven't done too much work with CORS yet.

[matryer]

Would using a MapBefore method work better here?

On 17 Oct 2013, at 04:44, Sebastian Porto [email protected] wrote:

It would be nice to have a simple catch all method like:

goweb.AllowCORSFor(whitelistedDomains, options)
don't really know what kind of options would you pass, I haven't done too much work with CORS yet.

—
Reply to this email directly or view it on GitHub.

[sporto]

Sorry, closed this by mistake, when trying to comment.

Looking at the documentation MapBefore could be more flexible, or it could be some special handler you pass to Map:

goweb.Map(goweb_http.MethodOptions, "/{*}", goweb.CORSHandler(whitelistedDomains))

[matryer]

I quite like that - fancy doing a PR?

[matryer]

see https://github.com/stretchr/goweb/wiki/Development-practices

[sporto]

I would like to, if I can find the spare time to have a go I will do it. Thanks