feat: adds support for private network header (#128)

cors.go

@@ -26,6 +26,9 @@ type Config struct {
 	// cross-domain requests. Default value is simple methods (GET, POST, PUT, PATCH, DELETE, HEAD, and OPTIONS)
 	AllowMethods []string
 
+	// AllowPrivateNetwork indicates whether the response should include allow private network header
+	AllowPrivateNetwork bool
+
 	// AllowHeaders is list of non simple headers the client is allowed to use with
 	// cross-domain requests.
 	AllowHeaders []string

cors_test.go

@@ -168,6 +168,15 @@ func TestGeneratePreflightHeaders_AllowCredentials(t *testing.T) {
 	assert.Len(t, header, 2)
 }
 
+func TestGeneratePreflightHeaders_AllowPrivateNetwork(t *testing.T) {
+	header := generatePreflightHeaders(Config{
+		AllowPrivateNetwork: true,
+	})
+	assert.Equal(t, header.Get("Access-Control-Allow-Private-Network"), "true")
+	assert.Equal(t, header.Get("Vary"), "Origin")
+	assert.Len(t, header, 2)
+}
+
 func TestGeneratePreflightHeaders_AllowMethods(t *testing.T) {
 	header := generatePreflightHeaders(Config{
 		AllowMethods: []string{"GET ", "post", "PUT", " put  "},

utils.go

@@ -45,6 +45,11 @@ func generatePreflightHeaders(c Config) http.Header {
 		value := strconv.FormatInt(int64(c.MaxAge/time.Second), 10)
 		headers.Set("Access-Control-Max-Age", value)
 	}
+
+	if c.AllowPrivateNetwork {
+		headers.Set("Access-Control-Allow-Private-Network", "true")
+	}
+
 	if c.AllowAllOrigins {
 		headers.Set("Access-Control-Allow-Origin", "*")
 	} else {