32bitcafe/guestbook
1
0
Fork 0
Code Issues 4 Pull Requests 1 Packages Projects 1 Releases Wiki Activity

cors middleware

Browse Source
This commit is contained in:
yequari 2025-06-12 09:36:45 -07:00
parent 66cf07a024
commit 89be6fa34d
2 changed files with 76 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
cmd/web/middleware.go
View File

@ -8,7 +8,7 @@ import (
"github.com/justinas/nosurf" "github.com/justinas/nosurf"
) )
func (app *application) logRequest (next http.Handler) http.Handler { func (app *application) logRequest(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
var ( var (
ip = r.RemoteAddr ip = r.RemoteAddr
@ -21,7 +21,7 @@ func (app *application) logRequest (next http.Handler) http.Handler {
}) })
} }
func commonHeaders (next http.Handler) http.Handler { func commonHeaders(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Security-Policy", "default-src 'self'; style-src 'self' fonts.googleapis.com; font-src fonts.gstatic.com") w.Header().Set("Content-Security-Policy", "default-src 'self'; style-src 'self' fonts.googleapis.com; font-src fonts.gstatic.com")
w.Header().Set("Referrer-Policy", "origin-when-cross-origin") w.Header().Set("Referrer-Policy", "origin-when-cross-origin")
@ -92,3 +92,10 @@ func (app *application) authenticate(next http.Handler) http.Handler {
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
}) })
} }
func (app *application) enableCors(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Access-Control-Allow-Origin", "*")
next.ServeHTTP(w, r)
})
}

3
cmd/web/routes.go
View File

@ -15,10 +15,11 @@ func (app *application) routes() http.Handler {
dynamic := alice.New(app.sessionManager.LoadAndSave, noSurf, app.authenticate) dynamic := alice.New(app.sessionManager.LoadAndSave, noSurf, app.authenticate)
standard := alice.New(app.recoverPanic, app.logRequest, commonHeaders) standard := alice.New(app.recoverPanic, app.logRequest, commonHeaders)
withCors := standard.Append(app.enableCors)
mux.Handle("/{$}", dynamic.ThenFunc(app.home)) mux.Handle("/{$}", dynamic.ThenFunc(app.home))
mux.Handle("GET /websites/{id}/guestbook", dynamic.ThenFunc(app.getGuestbook)) mux.Handle("GET /websites/{id}/guestbook", dynamic.ThenFunc(app.getGuestbook))
mux.Handle("GET /websites/{id}/guestbook/comments", standard.ThenFunc(app.getGuestbookCommentsSerialized)) mux.Handle("GET /websites/{id}/guestbook/comments", withCors.ThenFunc(app.getGuestbookCommentsSerialized))
mux.Handle("GET /websites/{id}/guestbook/comments/create", dynamic.ThenFunc(app.getGuestbookCommentCreate)) mux.Handle("GET /websites/{id}/guestbook/comments/create", dynamic.ThenFunc(app.getGuestbookCommentCreate))
mux.Handle("POST /websites/{id}/guestbook/comments/create", dynamic.ThenFunc(app.postGuestbookCommentCreate)) mux.Handle("POST /websites/{id}/guestbook/comments/create", dynamic.ThenFunc(app.postGuestbookCommentCreate))
mux.Handle("GET /users/register", dynamic.ThenFunc(app.getUserRegister)) mux.Handle("GET /users/register", dynamic.ThenFunc(app.getUserRegister))