diff options
Diffstat (limited to 'Godeps/_workspace/src/github.com/rs')
| -rw-r--r-- | Godeps/_workspace/src/github.com/rs/cors/.travis.yml | 4 | ||||
| -rw-r--r-- | Godeps/_workspace/src/github.com/rs/cors/LICENSE | 19 | ||||
| -rw-r--r-- | Godeps/_workspace/src/github.com/rs/cors/README.md | 84 | ||||
| -rw-r--r-- | Godeps/_workspace/src/github.com/rs/cors/cors.go | 308 | ||||
| -rw-r--r-- | Godeps/_workspace/src/github.com/rs/cors/utils.go | 27 |
5 files changed, 0 insertions, 442 deletions
diff --git a/Godeps/_workspace/src/github.com/rs/cors/.travis.yml b/Godeps/_workspace/src/github.com/rs/cors/.travis.yml deleted file mode 100644 index bbb5185a2..000000000 --- a/Godeps/_workspace/src/github.com/rs/cors/.travis.yml +++ /dev/null @@ -1,4 +0,0 @@ -language: go -go: -- 1.3 -- 1.4 diff --git a/Godeps/_workspace/src/github.com/rs/cors/LICENSE b/Godeps/_workspace/src/github.com/rs/cors/LICENSE deleted file mode 100644 index d8e2df5a4..000000000 --- a/Godeps/_workspace/src/github.com/rs/cors/LICENSE +++ /dev/null @@ -1,19 +0,0 @@ -Copyright (c) 2014 Olivier Poitrey <rs@dailymotion.com> - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is furnished -to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. diff --git a/Godeps/_workspace/src/github.com/rs/cors/README.md b/Godeps/_workspace/src/github.com/rs/cors/README.md deleted file mode 100644 index 6f70c30ac..000000000 --- a/Godeps/_workspace/src/github.com/rs/cors/README.md +++ /dev/null @@ -1,84 +0,0 @@ -# Go CORS handler [](https://godoc.org/github.com/rs/cors) [](https://raw.githubusercontent.com/rs/cors/master/LICENSE) [](https://travis-ci.org/rs/cors) - -CORS is a `net/http` handler implementing [Cross Origin Resource Sharing W3 specification](http://www.w3.org/TR/cors/) in Golang. - -## Getting Started - -After installing Go and setting up your [GOPATH](http://golang.org/doc/code.html#GOPATH), create your first `.go` file. We'll call it `server.go`. - -```go -package main - -import ( - "net/http" - - "github.com/rs/cors" -) - -func main() { - h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - w.Write([]byte("{\"hello\": \"world\"}")) - }) - - // cors.Default() setup the middleware with default options being - // all origins accepted with simple methods (GET, POST). See - // documentation below for more options. - handler = cors.Default().Handler(h) - http.ListenAndServe(":8080", handler) -} -``` - -Install `cors`: - - go get github.com/rs/cors - -Then run your server: - - go run server.go - -The server now runs on `localhost:8080`: - - $ curl -D - -H 'Origin: http://foo.com' http://localhost:8080/ - HTTP/1.1 200 OK - Access-Control-Allow-Origin: foo.com - Content-Type: application/json - Date: Sat, 25 Oct 2014 03:43:57 GMT - Content-Length: 18 - - {"hello": "world"} - -### More Examples - -* `net/http`: [examples/nethttp/server.go](https://github.com/rs/cors/blob/master/examples/nethttp/server.go) -* [Goji](https://goji.io): [examples/goji/server.go](https://github.com/rs/cors/blob/master/examples/goji/server.go) -* [Martini](http://martini.codegangsta.io): [examples/martini/server.go](https://github.com/rs/cors/blob/master/examples/martini/server.go) -* [Negroni](https://github.com/codegangsta/negroni): [examples/negroni/server.go](https://github.com/rs/cors/blob/master/examples/negroni/server.go) -* [Alice](https://github.com/justinas/alice): [examples/alice/server.go](https://github.com/rs/cors/blob/master/examples/alice/server.go) - -## Parameters - -Parameters are passed to the middleware thru the `cors.New` method as follow: - -```go -c := cors.New(cors.Options{ - AllowedOrigins: []string{"http://foo.com"}, - AllowCredentials: true, -}) - -// Insert the middleware -handler = c.Handler(handler) -``` - -* **AllowedOrigins** `[]string`: A list of origins a cross-domain request can be executed from. If the special `*` value is present in the list, all origins will be allowed. The default value is `*`. -* **AllowedMethods** `[]string`: A list of methods the client is allowed to use with cross-domain requests. -* **AllowedHeaders** `[]string`: A list of non simple headers the client is allowed to use with cross-domain requests. Default value is simple methods (`GET` and `POST`) -* **ExposedHeaders** `[]string`: Indicates which headers are safe to expose to the API of a CORS API specification -* **AllowCredentials** `bool`: Indicates whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates. The default is `false`. -* **MaxAge** `int`: Indicates how long (in seconds) the results of a preflight request can be cached. The default is `0` which stands for no max age. - -See [API documentation](http://godoc.org/github.com/rs/cors) for more info. - -## Licenses - -All source code is licensed under the [MIT License](https://raw.github.com/rs/cors/master/LICENSE). diff --git a/Godeps/_workspace/src/github.com/rs/cors/cors.go b/Godeps/_workspace/src/github.com/rs/cors/cors.go deleted file mode 100644 index 276bc40bb..000000000 --- a/Godeps/_workspace/src/github.com/rs/cors/cors.go +++ /dev/null @@ -1,308 +0,0 @@ -/* -Package cors is net/http handler to handle CORS related requests -as defined by http://www.w3.org/TR/cors/ - -You can configure it by passing an option struct to cors.New: - - c := cors.New(cors.Options{ - AllowedOrigins: []string{"foo.com"}, - AllowedMethods: []string{"GET", "POST", "DELETE"}, - AllowCredentials: true, - }) - -Then insert the handler in the chain: - - handler = c.Handler(handler) - -See Options documentation for more options. - -The resulting handler is a standard net/http handler. -*/ -package cors - -import ( - "log" - "net/http" - "os" - "strconv" - "strings" -) - -// Options is a configuration container to setup the CORS middleware. -type Options struct { - // AllowedOrigins is a list of origins a cross-domain request can be executed from. - // If the special "*" value is present in the list, all origins will be allowed. - // Default value is ["*"] - AllowedOrigins []string - // AllowedMethods is a list of methods the client is allowed to use with - // cross-domain requests. Default value is simple methods (GET and POST) - AllowedMethods []string - // AllowedHeaders is list of non simple headers the client is allowed to use with - // cross-domain requests. - // If the special "*" value is present in the list, all headers will be allowed. - // Default value is [] but "Origin" is always appended to the list. - AllowedHeaders []string - // ExposedHeaders indicates which headers are safe to expose to the API of a CORS - // API specification - ExposedHeaders []string - // AllowCredentials indicates whether the request can include user credentials like - // cookies, HTTP authentication or client side SSL certificates. - AllowCredentials bool - // MaxAge indicates how long (in seconds) the results of a preflight request - // can be cached - MaxAge int - // Debugging flag adds additional output to debug server side CORS issues - Debug bool - // log object to use when debugging - log *log.Logger -} - -type Cors struct { - // The CORS Options - options Options -} - -// New creates a new Cors handler with the provided options. -func New(options Options) *Cors { - // Normalize options - // Note: for origins and methods matching, the spec requires a case-sensitive matching. - // As it may error prone, we chose to ignore the spec here. - normOptions := Options{ - AllowedOrigins: convert(options.AllowedOrigins, strings.ToLower), - AllowedMethods: convert(options.AllowedMethods, strings.ToUpper), - // Origin is always appended as some browsers will always request - // for this header at preflight - AllowedHeaders: convert(append(options.AllowedHeaders, "Origin"), http.CanonicalHeaderKey), - ExposedHeaders: convert(options.ExposedHeaders, http.CanonicalHeaderKey), - AllowCredentials: options.AllowCredentials, - MaxAge: options.MaxAge, - Debug: options.Debug, - log: log.New(os.Stdout, "[cors] ", log.LstdFlags), - } - if len(normOptions.AllowedOrigins) == 0 { - // Default is all origins - normOptions.AllowedOrigins = []string{"*"} - } - if len(normOptions.AllowedHeaders) == 1 { - // Add some sensible defaults - normOptions.AllowedHeaders = []string{"Origin", "Accept", "Content-Type"} - } - if len(normOptions.AllowedMethods) == 0 { - // Default is simple methods - normOptions.AllowedMethods = []string{"GET", "POST"} - } - - if normOptions.Debug { - normOptions.log.Printf("Options: %v", normOptions) - } - return &Cors{ - options: normOptions, - } -} - -// Default creates a new Cors handler with default options -func Default() *Cors { - return New(Options{}) -} - -// Handler apply the CORS specification on the request, and add relevant CORS headers -// as necessary. -func (cors *Cors) Handler(h http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method == "OPTIONS" { - cors.logf("Handler: Preflight request") - cors.handlePreflight(w, r) - // Preflight requests are standalone and should stop the chain as some other - // middleware may not handle OPTIONS requests correctly. One typical example - // is authentication middleware ; OPTIONS requests won't carry authentication - // headers (see #1) - } else { - cors.logf("Handler: Actual request") - cors.handleActualRequest(w, r) - h.ServeHTTP(w, r) - } - }) -} - -// Martini compatible handler -func (cors *Cors) HandlerFunc(w http.ResponseWriter, r *http.Request) { - if r.Method == "OPTIONS" { - cors.logf("HandlerFunc: Preflight request") - cors.handlePreflight(w, r) - } else { - cors.logf("HandlerFunc: Actual request") - cors.handleActualRequest(w, r) - } -} - -// Negroni compatible interface -func (cors *Cors) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) { - if r.Method == "OPTIONS" { - cors.logf("ServeHTTP: Preflight request") - cors.handlePreflight(w, r) - // Preflight requests are standalone and should stop the chain as some other - // middleware may not handle OPTIONS requests correctly. One typical example - // is authentication middleware ; OPTIONS requests won't carry authentication - // headers (see #1) - } else { - cors.logf("ServeHTTP: Actual request") - cors.handleActualRequest(w, r) - next(w, r) - } -} - -// handlePreflight handles pre-flight CORS requests -func (cors *Cors) handlePreflight(w http.ResponseWriter, r *http.Request) { - options := cors.options - headers := w.Header() - origin := r.Header.Get("Origin") - - if r.Method != "OPTIONS" { - cors.logf(" Preflight aborted: %s!=OPTIONS", r.Method) - return - } - if origin == "" { - cors.logf(" Preflight aborted: empty origin") - return - } - if !cors.isOriginAllowed(origin) { - cors.logf(" Preflight aborted: origin '%s' not allowed", origin) - return - } - - reqMethod := r.Header.Get("Access-Control-Request-Method") - if !cors.isMethodAllowed(reqMethod) { - cors.logf(" Preflight aborted: method '%s' not allowed", reqMethod) - return - } - reqHeaders := parseHeaderList(r.Header.Get("Access-Control-Request-Headers")) - if !cors.areHeadersAllowed(reqHeaders) { - cors.logf(" Preflight aborted: headers '%v' not allowed", reqHeaders) - return - } - headers.Set("Access-Control-Allow-Origin", origin) - headers.Add("Vary", "Origin") - // Spec says: Since the list of methods can be unbounded, simply returning the method indicated - // by Access-Control-Request-Method (if supported) can be enough - headers.Set("Access-Control-Allow-Methods", strings.ToUpper(reqMethod)) - if len(reqHeaders) > 0 { - - // Spec says: Since the list of headers can be unbounded, simply returning supported headers - // from Access-Control-Request-Headers can be enough - headers.Set("Access-Control-Allow-Headers", strings.Join(reqHeaders, ", ")) - } - if options.AllowCredentials { - headers.Set("Access-Control-Allow-Credentials", "true") - } - if options.MaxAge > 0 { - headers.Set("Access-Control-Max-Age", strconv.Itoa(options.MaxAge)) - } - cors.logf(" Preflight response headers: %v", headers) -} - -// handleActualRequest handles simple cross-origin requests, actual request or redirects -func (cors *Cors) handleActualRequest(w http.ResponseWriter, r *http.Request) { - options := cors.options - headers := w.Header() - origin := r.Header.Get("Origin") - - if r.Method == "OPTIONS" { - cors.logf(" Actual request no headers added: method == %s", r.Method) - return - } - if origin == "" { - cors.logf(" Actual request no headers added: missing origin") - return - } - if !cors.isOriginAllowed(origin) { - cors.logf(" Actual request no headers added: origin '%s' not allowed", origin) - return - } - - // Note that spec does define a way to specifically disallow a simple method like GET or - // POST. Access-Control-Allow-Methods is only used for pre-flight requests and the - // spec doesn't instruct to check the allowed methods for simple cross-origin requests. - // We think it's a nice feature to be able to have control on those methods though. - if !cors.isMethodAllowed(r.Method) { - if cors.options.Debug { - cors.logf(" Actual request no headers added: method '%s' not allowed", - r.Method) - } - - return - } - headers.Set("Access-Control-Allow-Origin", origin) - headers.Add("Vary", "Origin") - if len(options.ExposedHeaders) > 0 { - headers.Set("Access-Control-Expose-Headers", strings.Join(options.ExposedHeaders, ", ")) - } - if options.AllowCredentials { - headers.Set("Access-Control-Allow-Credentials", "true") - } - cors.logf(" Actual response added headers: %v", headers) -} - -// convenience method. checks if debugging is turned on before printing -func (cors *Cors) logf(format string, a ...interface{}) { - if cors.options.Debug { - cors.options.log.Printf(format, a...) - } -} - -// isOriginAllowed checks if a given origin is allowed to perform cross-domain requests -// on the endpoint -func (cors *Cors) isOriginAllowed(origin string) bool { - allowedOrigins := cors.options.AllowedOrigins - origin = strings.ToLower(origin) - for _, allowedOrigin := range allowedOrigins { - switch allowedOrigin { - case "*": - return true - case origin: - return true - } - } - return false -} - -// isMethodAllowed checks if a given method can be used as part of a cross-domain request -// on the endpoing -func (cors *Cors) isMethodAllowed(method string) bool { - allowedMethods := cors.options.AllowedMethods - if len(allowedMethods) == 0 { - // If no method allowed, always return false, even for preflight request - return false - } - method = strings.ToUpper(method) - if method == "OPTIONS" { - // Always allow preflight requests - return true - } - for _, allowedMethod := range allowedMethods { - if allowedMethod == method { - return true - } - } - return false -} - -// areHeadersAllowed checks if a given list of headers are allowed to used within -// a cross-domain request. -func (cors *Cors) areHeadersAllowed(requestedHeaders []string) bool { - if len(requestedHeaders) == 0 { - return true - } - for _, header := range requestedHeaders { - found := false - for _, allowedHeader := range cors.options.AllowedHeaders { - if allowedHeader == "*" || allowedHeader == header { - found = true - break - } - } - if !found { - return false - } - } - return true -} diff --git a/Godeps/_workspace/src/github.com/rs/cors/utils.go b/Godeps/_workspace/src/github.com/rs/cors/utils.go deleted file mode 100644 index 429ab1114..000000000 --- a/Godeps/_workspace/src/github.com/rs/cors/utils.go +++ /dev/null @@ -1,27 +0,0 @@ -package cors - -import ( - "net/http" - "strings" -) - -type converter func(string) string - -// convert converts a list of string using the passed converter function -func convert(s []string, c converter) []string { - out := []string{} - for _, i := range s { - out = append(out, c(i)) - } - return out -} - -func parseHeaderList(headerList string) (headers []string) { - for _, header := range strings.Split(headerList, ",") { - header = http.CanonicalHeaderKey(strings.TrimSpace(header)) - if header != "" { - headers = append(headers, header) - } - } - return headers -} |