Beispiel #1
0
func (c *CORS) filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	headers := resp.Headers()
	origin := "*"
	if !c.allowAll {
		origin = req.GetHeader(_CORS_ORIGIN)
		if !c.allow(origin) {
			resp.StatusCode(http.StatusForbidden)
			return
		}
	}
	headers.Set(_CORS_ALLOWORIGIN, origin)

	headers.Set(_CORS_ALLOWMETHODS, c.methods)
	headers.Set(_CORS_ALLOWHEADERS, c.headers)

	headers.Set(_CORS_ALLOWCREDENTIALS, c.allowCredentials)
	if c.exposeHeaders != "" {
		headers.Set(_CORS_EXPOSEHEADERS, c.exposeHeaders)
	}
	if c.preflightMaxage != "" {
		headers.Set(_CORS_MAXAGE, c.preflightMaxage)
	}

	chain(req, resp)
}
Beispiel #2
0
func globalFilter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	status := resp.StatusCode(0)
	if status == http.StatusNotFound {
		resp.Headers().Set("Location", path+"/options?from="+url.QueryEscape(req.URL().Path))
		resp.StatusCode(http.StatusMovedPermanently)
	} else if status == http.StatusMethodNotAllowed {
		io2.WriteString(resp, "The pprof interface only support GET request\n")
	} else {
		chain(req, resp)
	}
}
Beispiel #3
0
func Compress(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	encoding := req.GetHeader(zerver.HEADER_ACCEPTENCODING)

	respHeaders := resp.Headers()
	if strings.Contains(encoding, zerver.ENCODING_GZIP) {
		respHeaders.Set(zerver.HEADER_CONTENTENCODING, zerver.ENCODING_GZIP)
		resp.Wrap(gzipWrapper)
	} else if strings.Contains(encoding, zerver.ENCODING_DEFLATE) {
		respHeaders.Set(zerver.HEADER_CONTENTENCODING, zerver.ENCODING_DEFLATE)
		resp.Wrap(flateWrapper)
	} else {
		chain(req, resp)
		return
	}

	chain(req, resp)
	respHeaders.Del(zerver.HEADER_CONTENTLENGTH)
}
Beispiel #4
0
func (c *CORS) preflight(req zerver.Request, resp zerver.Response, method, headers string) {
	origin := "*"
	if !c.allowAll {
		origin = req.GetHeader(_CORS_ORIGIN)
		if !c.allow(origin) {
			resp.StatusCode(http.StatusOK)
			return
		}
	}

	respHeaders := resp.Headers()
	respHeaders.Set(_CORS_ALLOWORIGIN, origin)
	upperMethod := strings.ToUpper(method)

	for _, m := range c.Methods {
		if m == upperMethod {
			respHeaders.Add(_CORS_ALLOWMETHODS, method)
			break
		}
	}

	for _, h := range strings2.SplitAndTrim(headers, ",") {
		for _, ch := range c.Headers {
			if strings.ToLower(h) == ch { // c.Headers already ToLowered when Init
				respHeaders.Add(_CORS_ALLOWHEADERS, ch)
				break
			}
		}
	}

	respHeaders.Set(_CORS_ALLOWCREDENTIALS, c.allowCredentials)
	if c.exposeHeaders != "" {
		respHeaders.Set(_CORS_EXPOSEHEADERS, c.exposeHeaders)
	}

	if c.preflightMaxage != "" {
		respHeaders.Set(_CORS_MAXAGE, c.preflightMaxage)
	}

	resp.StatusCode(http.StatusOK)
}