moby/api/server/middleware/cors.go

package middleware

import (
	"net/http"

	"github.com/Sirupsen/logrus"
	"github.com/docker/docker/api/server/httputils"
	"golang.org/x/net/context"
)

// NewCORSMiddleware creates a new CORS middleware.
func NewCORSMiddleware(defaultHeaders string) Middleware {
	return func(handler httputils.APIFunc) httputils.APIFunc {
		return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
			// If "api-cors-header" is not given, but "api-enable-cors" is true, we set cors to "*"
			// otherwise, all head values will be passed to HTTP handler
			corsHeaders := defaultHeaders
			if corsHeaders == "" {
				corsHeaders = "*"
			}

			writeCorsHeaders(w, r, corsHeaders)
			return handler(ctx, w, r, vars)
		}
	}
}

func writeCorsHeaders(w http.ResponseWriter, r *http.Request, corsHeaders string) {
	logrus.Debugf("CORS header is enabled and set to: %s", corsHeaders)
	w.Header().Add("Access-Control-Allow-Origin", corsHeaders)
	w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth")
	w.Header().Add("Access-Control-Allow-Methods", "HEAD, GET, POST, DELETE, PUT, OPTIONS")
}