diff --git a/cors.go b/cors.go index e1069cb..41d5f7c 100644 --- a/cors.go +++ b/cors.go @@ -357,6 +357,12 @@ func (c *Cors) logf(format string, a ...interface{}) { } } +// check the Origin of a request. No origin at all is also allowed. +func (c *Cors) OriginAllowed(r *http.Request) bool { + origin := r.Header.Get("Origin") + return c.isOriginAllowed(r, origin) +} + // isOriginAllowed checks if a given origin is allowed to perform cross-domain requests // on the endpoint func (c *Cors) isOriginAllowed(r *http.Request, origin string) bool { diff --git a/cors_test.go b/cors_test.go index dcb2962..7f9898e 100644 --- a/cors_test.go +++ b/cors_test.go @@ -40,11 +40,12 @@ func assertResponse(t *testing.T, res *httptest.ResponseRecorder, responseCode i func TestSpec(t *testing.T) { cases := []struct { - name string - options Options - method string - reqHeaders map[string]string - resHeaders map[string]string + name string + options Options + method string + reqHeaders map[string]string + resHeaders map[string]string + originAllowed bool }{ { "NoConfig", @@ -56,6 +57,7 @@ func TestSpec(t *testing.T) { map[string]string{ "Vary": "Origin", }, + true, }, { "MatchAllOrigin", @@ -70,6 +72,7 @@ func TestSpec(t *testing.T) { "Vary": "Origin", "Access-Control-Allow-Origin": "*", }, + true, }, { "MatchAllOriginWithCredentials", @@ -86,6 +89,7 @@ func TestSpec(t *testing.T) { "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Credentials": "true", }, + true, }, { "AllowedOrigin", @@ -100,6 +104,7 @@ func TestSpec(t *testing.T) { "Vary": "Origin", "Access-Control-Allow-Origin": "http://foobar.com", }, + true, }, { "WildcardOrigin", @@ -114,6 +119,7 @@ func TestSpec(t *testing.T) { "Vary": "Origin", "Access-Control-Allow-Origin": "http://foo.bar.com", }, + true, }, { "DisallowedOrigin", @@ -127,6 +133,7 @@ func TestSpec(t *testing.T) { map[string]string{ "Vary": "Origin", }, + false, }, { "DisallowedWildcardOrigin", @@ -140,6 +147,7 @@ func TestSpec(t *testing.T) { map[string]string{ "Vary": "Origin", }, + false, }, { "AllowedOriginFuncMatch", @@ -156,6 +164,7 @@ func TestSpec(t *testing.T) { "Vary": "Origin", "Access-Control-Allow-Origin": "http://foobar.com", }, + true, }, { "AllowOriginRequestFuncMatch", @@ -173,6 +182,7 @@ func TestSpec(t *testing.T) { "Vary": "Origin", "Access-Control-Allow-Origin": "http://foobar.com", }, + true, }, { "AllowOriginRequestFuncNotMatch", @@ -189,6 +199,7 @@ func TestSpec(t *testing.T) { map[string]string{ "Vary": "Origin", }, + false, }, { "MaxAge", @@ -208,6 +219,7 @@ func TestSpec(t *testing.T) { "Access-Control-Allow-Methods": "GET", "Access-Control-Max-Age": "10", }, + true, }, { "AllowedMethod", @@ -225,6 +237,7 @@ func TestSpec(t *testing.T) { "Access-Control-Allow-Origin": "http://foobar.com", "Access-Control-Allow-Methods": "PUT", }, + true, }, { "DisallowedMethod", @@ -240,6 +253,7 @@ func TestSpec(t *testing.T) { map[string]string{ "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers", }, + true, }, { "AllowedHeaders", @@ -259,6 +273,7 @@ func TestSpec(t *testing.T) { "Access-Control-Allow-Methods": "GET", "Access-Control-Allow-Headers": "X-Header-2, X-Header-1", }, + true, }, { "DefaultAllowedHeaders", @@ -278,6 +293,7 @@ func TestSpec(t *testing.T) { "Access-Control-Allow-Methods": "GET", "Access-Control-Allow-Headers": "X-Requested-With", }, + true, }, { "AllowedWildcardHeader", @@ -297,6 +313,7 @@ func TestSpec(t *testing.T) { "Access-Control-Allow-Methods": "GET", "Access-Control-Allow-Headers": "X-Header-2, X-Header-1", }, + true, }, { "DisallowedHeader", @@ -313,6 +330,7 @@ func TestSpec(t *testing.T) { map[string]string{ "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers", }, + true, }, { "OriginHeader", @@ -331,6 +349,7 @@ func TestSpec(t *testing.T) { "Access-Control-Allow-Methods": "GET", "Access-Control-Allow-Headers": "Origin", }, + true, }, { "ExposedHeader", @@ -347,6 +366,7 @@ func TestSpec(t *testing.T) { "Access-Control-Allow-Origin": "http://foobar.com", "Access-Control-Expose-Headers": "X-Header-1, X-Header-2", }, + true, }, { "AllowedCredentials", @@ -365,6 +385,7 @@ func TestSpec(t *testing.T) { "Access-Control-Allow-Methods": "GET", "Access-Control-Allow-Credentials": "true", }, + true, }, { "OptionPassthrough", @@ -381,6 +402,7 @@ func TestSpec(t *testing.T) { "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Methods": "GET", }, + true, }, { "NonPreflightOptions", @@ -395,6 +417,7 @@ func TestSpec(t *testing.T) { "Vary": "Origin", "Access-Control-Allow-Origin": "http://foobar.com", }, + true, }, } for i := range cases { @@ -407,6 +430,12 @@ func TestSpec(t *testing.T) { req.Header.Add(name, value) } + t.Run("OriginAllowed", func(t *testing.T) { + if have, want := s.OriginAllowed(req), tc.originAllowed; have != want { + t.Errorf("OriginAllowed have: %t want: %t", have, want) + } + }) + t.Run("Handler", func(t *testing.T) { res := httptest.NewRecorder() s.Handler(testHandler).ServeHTTP(res, req) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..2f8cfa7 --- /dev/null +++ b/go.sum @@ -0,0 +1,25 @@ +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= +github.com/gin-gonic/gin v1.5.0 h1:fi+bqFAx/oLK54somfCtEZs9HeH1LHVoEPUgARpTqyc= +github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= +github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= +github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= +github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= +github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= +golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= +gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=