func (c *CORS) preflight(req zerver.Request, resp zerver.Response, method, headers string) {
origin := "*"
if !c.allowAll {
origin = req.Header(_CORS_ORIGIN)
if !c.allow(origin) {
resp.ReportOK()
return
}
}
resp.SetHeader(_CORS_ALLOWORIGIN, origin)
upperMethod := strings.ToUpper(method)
for _, m := range c.Methods {
if m == upperMethod {
resp.AddHeader(_CORS_ALLOWMETHODS, method)
break
}
}
for _, h := range strings2.SplitAndTrim(headers, ",") {
for _, ch := range c.Headers {
if strings.ToLower(h) == ch { // c.Headers already ToLowered when Init
resp.AddHeader(_CORS_ALLOWHEADERS, ch)
break
}
}
}
resp.SetHeader(_CORS_ALLOWCREDENTIALS, c.allowCredentials)
if c.exposeHeaders != "" {
resp.SetHeader(_CORS_EXPOSEHEADERS, c.exposeHeaders)
}
if c.preflightMaxage != "" {
resp.SetHeader(_CORS_MAXAGE, c.preflightMaxage)
}
resp.ReportOK()
}