Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add option to allow all methods #120

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions cors.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ type Options struct {
AllowOriginVaryRequestFunc func(r *http.Request, origin string) (bool, []string)
// AllowedMethods is a list of methods the client is allowed to use with
// cross-domain requests. Default value is simple methods (HEAD, GET and POST).
// If the special "*" value is present in the list, all methods will be allowed.
AllowedMethods []string
// AllowedHeaders is list of non simple headers the client is allowed to use with
// cross-domain requests.
Expand Down Expand Up @@ -128,6 +129,8 @@ type Cors struct {
allowedOriginsAll bool
// Set to true when allowed headers contains a "*"
allowedHeadersAll bool
// Set to true when allowed methods contains a "*"
allowedMethodsAll bool
// Status code to use for successful OPTIONS requests
optionsSuccessStatus int
allowCredentials bool
Expand Down Expand Up @@ -239,6 +242,14 @@ func New(options Options) *Cors {
c.maxAge = []string{strconv.Itoa(options.MaxAge)}
} else if options.MaxAge < 0 {
c.maxAge = []string{"0"}
c.allowedMethods = convert(options.AllowedMethods, strings.ToUpper)
for _, h := range options.AllowedMethods {
if h == "*" {
c.allowedMethodsAll = true
c.allowedMethods = nil
break
}
}
}

return c
Expand Down Expand Up @@ -485,6 +496,9 @@ func (c *Cors) isOriginAllowed(r *http.Request, origin string) (allowed bool, va
// isMethodAllowed checks if a given method can be used as part of a cross-domain request
// on the endpoint
func (c *Cors) isMethodAllowed(method string) bool {
if c.allowedMethodsAll {
return true
}
if len(c.allowedMethods) == 0 {
// If no method allowed, always return false, even for preflight request
return false
Expand Down