Beispiel #1
0
func globalFilter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	resp.SetContentType("text/plain", nil)

	if resp.Status() == http.StatusNotFound {
		resp.SetHeader("Location", path+"/options?from="+url.QueryEscape(req.URL().Path))
		resp.ReportMovedPermanently()
	} else if resp.Status() == http.StatusMethodNotAllowed {
		resp.WriteString("The pprof interface only support GET request\n")
	} else {
		chain(req, resp)
	}
}
Beispiel #2
0
func (c *CORS) filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	origin := "*"
	if !c.allowAll {
		origin = req.Header(_CORS_ORIGIN)
		if !c.allow(origin) {
			resp.ReportForbidden()
			return
		}
	}
	resp.SetHeader(_CORS_ALLOWORIGIN, origin)

	resp.SetHeader(_CORS_ALLOWMETHODS, c.methods)
	resp.SetHeader(_CORS_ALLOWHEADERS, c.headers)

	resp.SetHeader(_CORS_ALLOWCREDENTIALS, c.allowCredentials)
	if c.exposeHeaders != "" {
		resp.SetHeader(_CORS_EXPOSEHEADERS, c.exposeHeaders)
	}
	if c.preflightMaxage != "" {
		resp.SetHeader(_CORS_MAXAGE, c.preflightMaxage)
	}

	chain(req, resp)
}
Beispiel #3
0
func (c *CORS) preflight(req zerver.Request, resp zerver.Response, method, headers string) {
	origin := "*"
	if !c.allowAll {
		origin = req.Header(_CORS_ORIGIN)
		if !c.allow(origin) {
			resp.ReportOK()
			return
		}
	}

	resp.SetHeader(_CORS_ALLOWORIGIN, origin)
	upperMethod := strings.ToUpper(method)

	for _, m := range c.Methods {
		if m == upperMethod {
			resp.AddHeader(_CORS_ALLOWMETHODS, method)
			break
		}
	}

	for _, h := range strings2.SplitAndTrim(headers, ",") {
		for _, ch := range c.Headers {
			if strings.ToLower(h) == ch { // c.Headers already ToLowered when Init
				resp.AddHeader(_CORS_ALLOWHEADERS, ch)
				break
			}
		}
	}

	resp.SetHeader(_CORS_ALLOWCREDENTIALS, c.allowCredentials)
	if c.exposeHeaders != "" {
		resp.SetHeader(_CORS_EXPOSEHEADERS, c.exposeHeaders)
	}

	if c.preflightMaxage != "" {
		resp.SetHeader(_CORS_MAXAGE, c.preflightMaxage)
	}

	resp.ReportOK()
}