github.com/orangenpresse/up@v0.6.0/config/cors.go (about) 1 package config 2 3 // CORS configuration. 4 type CORS struct { 5 // AllowedOrigins is a list of origins a cross-domain request can be executed from. 6 // If the special "*" value is present in the list, all origins will be allowed. 7 // An origin may contain a wildcard (*) to replace 0 or more characters 8 // (i.e.: http://*.domain.com). Usage of wildcards implies a small performance penalty. 9 // Only one wildcard can be used per origin. 10 // Default value is ["*"] 11 AllowedOrigins []string `json:"allowed_origins"` 12 13 // AllowedMethods is a list of methods the client is allowed to use with 14 // cross-domain requests. Default value is simple methods (GET and POST) 15 AllowedMethods []string `json:"allowed_methods"` 16 17 // AllowedHeaders is list of non simple headers the client is allowed to use with 18 // cross-domain requests. 19 // If the special "*" value is present in the list, all headers will be allowed. 20 // Default value is [] but "Origin" is always appended to the list. 21 AllowedHeaders []string `json:"allowed_headers"` 22 23 // ExposedHeaders indicates which headers are safe to expose to the API of a CORS 24 // API specification 25 ExposedHeaders []string `json:"exposed_headers"` 26 27 // AllowCredentials indicates whether the request can include user credentials like 28 // cookies, HTTP authentication or client side SSL certificates. 29 AllowCredentials bool `json:"allow_credentials"` 30 31 // MaxAge indicates how long (in seconds) the results of a preflight request 32 // can be cached. 33 MaxAge int `json:"max_int"` 34 35 // Debugging flag adds additional output to debug server side CORS issues 36 Debug bool `json:"debug"` 37 }