@@ -5,7 +5,11 @@ import (
55 "strings"
66)
77
8- func allowCORS (h http.Handler , allowOrigins []string ) http.Handler {
8+ var (
9+ defaultAllowHeaders = []string {"Content-Type" , "Accept" , "Authorization" , "Origin" }
10+ )
11+
12+ func allowCORS (h http.Handler , allowOrigins []string , extraAllowHeaders []string ) http.Handler {
913 return http .HandlerFunc (func (w http.ResponseWriter , r * http.Request ) {
1014 if origin := r .Header .Get ("Origin" ); origin != "" {
1115 if len (allowOrigins ) > 0 {
@@ -20,16 +24,34 @@ func allowCORS(h http.Handler, allowOrigins []string) http.Handler {
2024 }
2125
2226 if r .Method == "OPTIONS" && r .Header .Get ("Access-Control-Request-Method" ) != "" {
23- preflightHandler (w , r )
27+ preflightHandler (w , r , extraAllowHeaders )
2428 return
2529 }
2630 }
2731 h .ServeHTTP (w , r )
2832 })
2933}
3034
31- func preflightHandler (w http.ResponseWriter , r * http.Request ) {
32- headers := []string {"Content-Type" , "Accept" , "Authorization" , "Origin" }
35+ func evaluateExtraAllowHeaders (allowHeaders []string ) []string {
36+ m := map [string ]bool {}
37+ for _ , h := range defaultAllowHeaders {
38+ m [h ] = true
39+ }
40+
41+ extraAllowHeaders := []string {}
42+ for _ , h := range allowHeaders {
43+ if m [h ] == false {
44+ extraAllowHeaders = append (extraAllowHeaders , h )
45+ }
46+ }
47+ return extraAllowHeaders
48+ }
49+
50+ func preflightHandler (w http.ResponseWriter , r * http.Request , extraAllowHeaders []string ) {
51+ headers := defaultAllowHeaders
52+ if len (extraAllowHeaders ) > 0 {
53+ headers = append (headers , extraAllowHeaders ... )
54+ }
3355 w .Header ().Set ("Access-Control-Allow-Headers" , strings .Join (headers , "," ))
3456 methods := []string {"GET" , "HEAD" , "POST" , "PUT" , "DELETE" }
3557 w .Header ().Set ("Access-Control-Allow-Methods" , strings .Join (methods , "," ))
0 commit comments