nicolasparada/cors.go

## cors.go
package main

import (
	"flag"
	"log"
	"net/http"
	"os"
)

func main() {
	allowedOrigin := os.Getenv("ALLOWED_ORIGIN")
	flag.StringVar(&allowedOrigin, "allowed-origin", allowedOrigin, "Allowed origin to do requests to this server. If empty, anyone will have access")
	flag.Parse()

	mux := http.NewServeMux()
	// define your routes here.

	var h http.Handler = mux
	{
		var opts []func(*accessControlOpts)
		if allowedOrigin != "" {
			opts = append(opts, accessControlWithOrigin(allowedOrigin))
		}
		h = withAccessControl(h, opts...)
	}

	log.Fatalln(http.ListenAndServe(":8080", h))
}

type accessControlOpts struct {
	Origin *string
}

type accessControlOpt func(*accessControlOpts)

func accessControlWithOrigin(s string) accessControlOpt {
	return func(opts *accessControlOpts) {
		opts.Origin = &s
	}
}

func withAccessControl(next http.Handler, opts ...func(*accessControlOpts)) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Add("Vary", "Origin")
		var options accessControlOpts
		for _, o := range opts {
			o(&options)
		}
		if options.Origin != nil {
			h.Set("Access-Control-Allow-Origin", *options.Origin)
		} else if origin := r.Header.Get("Origin"); origin != "" {
			h.Set("Access-Control-Allow-Origin", origin)
		} else {
			h.Set("Access-Control-Allow-Origin", "*")
		}
		h.Set("Access-Control-Allow-Headers", "Accept, Accept-Encoding, Authorization, Content-Length, Content-Type")
		h.Set("Access-Control-Allow-Credentials", "true")

		if r.Method == http.MethodOptions {
			h.Add("Vary", "Access-Control-Request-Method")
			h.Add("Vary", "Access-Control-Request-Headers")
			h.Set("Access-Control-Allow-Methods", "HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS")
			w.WriteHeader(http.StatusNoContent)
			return
		}

		next.ServeHTTP(w, r)
	})
}
	package main

	import (
	"flag"
	"log"
	"net/http"
	"os"
	)

	func main() {
	allowedOrigin := os.Getenv("ALLOWED_ORIGIN")
	flag.StringVar(&allowedOrigin, "allowed-origin", allowedOrigin, "Allowed origin to do requests to this server. If empty, anyone will have access")
	flag.Parse()

	mux := http.NewServeMux()
	// define your routes here.

	var h http.Handler = mux
	{
	var opts []func(*accessControlOpts)
	if allowedOrigin != "" {
	opts = append(opts, accessControlWithOrigin(allowedOrigin))
	}
	h = withAccessControl(h, opts...)
	}

	log.Fatalln(http.ListenAndServe(":8080", h))
	}

	type accessControlOpts struct {
	Origin *string
	}

	type accessControlOpt func(*accessControlOpts)

	func accessControlWithOrigin(s string) accessControlOpt {
	return func(opts *accessControlOpts) {
	opts.Origin = &s
	}
	}

	func withAccessControl(next http.Handler, opts ...func(*accessControlOpts)) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	h := w.Header()
	h.Add("Vary", "Origin")
	var options accessControlOpts
	for _, o := range opts {
	o(&options)
	}
	if options.Origin != nil {
	h.Set("Access-Control-Allow-Origin", *options.Origin)
	} else if origin := r.Header.Get("Origin"); origin != "" {
	h.Set("Access-Control-Allow-Origin", origin)
	} else {
	h.Set("Access-Control-Allow-Origin", "*")
	}
	h.Set("Access-Control-Allow-Headers", "Accept, Accept-Encoding, Authorization, Content-Length, Content-Type")
	h.Set("Access-Control-Allow-Credentials", "true")

	if r.Method == http.MethodOptions {
	h.Add("Vary", "Access-Control-Request-Method")
	h.Add("Vary", "Access-Control-Request-Headers")
	h.Set("Access-Control-Allow-Methods", "HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS")
	w.WriteHeader(http.StatusNoContent)
	return
	}

	next.ServeHTTP(w, r)
	})
	}