cors

package
v1.2.53 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 1, 2026 License: AGPL-3.0 Imports: 2 Imported by: 0

Documentation

Overview

Package cors provides shared browser CORS origin normalization helpers.

Index

Constants

View Source 
const DenyAllAllowlist = "https://invalid.invalid/lesser-cors-deny-all"

DenyAllAllowlist is a syntactically invalid origin-list sentinel used when an operator supplied only invalid origins. Runtime parsers ignore it and deploy templates never match it, preserving fail-closed behavior without falling back to the instance-origin default.

Variables

This section is empty.

Functions

func NormalizeAllowedOriginsForDeploy 

func NormalizeAllowedOriginsForDeploy(raw string) string

NormalizeAllowedOriginsForDeploy normalizes a comma-separated allowlist before it is embedded in deploy-time infrastructure. An empty raw value means "use the instance-origin default". A non-empty raw value with no valid entries returns DenyAllAllowlist so deploy-time preflights fail closed instead of accidentally reverting to the default origin.

func NormalizeOrigin 

func NormalizeOrigin(raw string) (string, *url.URL, bool)

NormalizeOrigin returns a normalized origin string and parsed URL when raw is exactly an origin. Paths other than '/', queries, fragments, opaque URLs, and userinfo are rejected.

func ParseAllowedOrigins 

func ParseAllowedOrigins(raw string) []string

ParseAllowedOrigins parses a comma-separated CORS allowlist for runtime use. Invalid entries are ignored fail-closed. A literal '*' is preserved only when explicitly supplied.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.