Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prepare for OSS #2

Merged
merged 9 commits into from
Nov 21, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
134 changes: 2 additions & 132 deletions .github/CODE_OF_CONDUCT.md
Original file line number Diff line number Diff line change
@@ -1,133 +1,3 @@
# Contributor Covenant Code of Conduct

## Our Pledge

We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status,
nationality, personal appearance, race, religion, or sexual identity
and orientation.

We pledge to act and interact in ways that contribute to an open, welcoming,
diverse, inclusive, and healthy community.

## Our Standards

Examples of behavior that contributes to a positive environment for our
community include:

* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes,
and learning from the experience
* Focusing on what is best not just for us as individuals, but for the
overall community

Examples of unacceptable behavior include:

* The use of sexualized language or imagery, and sexual attention or
advances of any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or email
address, without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting

## Enforcement Responsibilities

Community leaders are responsible for clarifying and enforcing our standards of
acceptable behavior and will take appropriate and fair corrective action in
response to any behavior that they deem inappropriate, threatening, offensive,
or harmful.

Community leaders have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct, and will communicate reasons for moderation
decisions when appropriate.

## Scope

This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
Examples of representing our community include using an official e-mail address,
posting via an official social media account, or acting as an appointed
representative at an online or offline event.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
[email protected]. All complaints will be reviewed and investigated promptly
and fairly.

All community leaders are obligated to respect the privacy and security of the
reporter of any incident.

## Enforcement Guidelines

Community leaders will follow these Community Impact Guidelines in determining
the consequences for any action they deem in violation of this Code of Conduct:

### 1. Correction

**Community Impact**: Use of inappropriate language or other behavior deemed
unprofessional or unwelcome in the community.

**Consequence**: A private, written warning from community leaders, providing
clarity around the nature of the violation and an explanation of why the
behavior was inappropriate. A public apology may be requested.

### 2. Warning

**Community Impact**: A violation through a single incident or series
of actions.

**Consequence**: A warning with consequences for continued behavior. No
interaction with the people involved, including unsolicited interaction with
those enforcing the Code of Conduct, for a specified period of time. This
includes avoiding interactions in community spaces as well as external channels
like social media. Violating these terms may lead to a temporary or
permanent ban.

### 3. Temporary Ban

**Community Impact**: A serious violation of community standards, including
sustained inappropriate behavior.

**Consequence**: A temporary ban from any sort of interaction or public
communication with the community for a specified period of time. No public or
private interaction with the people involved, including unsolicited interaction
with those enforcing the Code of Conduct, is allowed during this period.
Violating these terms may lead to a permanent ban.

### 4. Permanent Ban

**Community Impact**: Demonstrating a pattern of violation of community
standards, including sustained inappropriate behavior, harassment of an
individual, or aggression toward or disparagement of classes of individuals.

**Consequence**: A permanent ban from any sort of public interaction within
the community.

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.0, available at
[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0].

Community Impact Guidelines were inspired by
[Mozilla's code of conduct enforcement ladder][Mozilla CoC].

For answers to common questions about this code of conduct, see the FAQ at
[https://www.contributor-covenant.org/faq][FAQ]. Translations are available
at [https://www.contributor-covenant.org/translations][translations].

[homepage]: https://www.contributor-covenant.org
[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
[Mozilla CoC]: https://github.com/mozilla/diversity
[FAQ]: https://www.contributor-covenant.org/faq
[translations]: https://www.contributor-covenant.org/translations
## Community Code of Conduct

Connect follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
6 changes: 0 additions & 6 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,6 @@ jobs:
uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go-version }}
- name: Cache
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-cors-go-ci-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-cors-go-ci-
- name: Test
run: make test
- name: Lint
Expand Down
1 change: 1 addition & 0 deletions .golangci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ linters:
- maintidx # covered by gocyclo
- maligned # readability trumps efficient struct packing
- nlreturn # generous whitespace violates house style
- nonamedreturns # named returns are fine; it's *bare* returns that are bad
- nosnakecase # deprecated in https://github.com/golangci/golangci-lint/pull/3065
- scopelint # deprecated by author
- structcheck # abandoned
Expand Down
2 changes: 1 addition & 1 deletion LICENSE
Original file line number Diff line number Diff line change
Expand Up @@ -186,7 +186,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright 2023 Buf Technologies, Inc.
Copyright 2023 The Connect Authors

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand Down
7 changes: 7 additions & 0 deletions MAINTAINERS.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
Maintainers
===========

## Current
* [Akshay Shah](https://github.com/akshayjshah), [Buf](https://buf.build)
* [Edward McFarlane](https://github.com/emcfarlane), [Buf](https://buf.build)
* [Timo Stamm](https://github.com/timostamm), [Buf](https://buf.build)
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ build: generate ## Build all packages
generate: $(BIN)/license-header ## Regenerate code and licenses
license-header \
--license-type apache \
--copyright-holder "Buf Technologies, Inc." \
--copyright-holder "The Connect Authors" \
--year-range "$(COPYRIGHT_YEARS)" $(LICENSE_IGNORE)

.PHONY: lint
Expand Down
51 changes: 29 additions & 22 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,40 +1,47 @@
cors-go
===============
cors
====

Cross-origin resource sharing (CORS) support for Connect servers. Exports methods
to configure CORS headers to allow Connect and gRPC-web protocols to operate in
the browser.
[![Build](https://github.com/connectrpc.com/cors-go/actions/workflows/ci.yaml/badge.svg?branch=main)](https://github.com/connectrpc.com/cors-go/actions/workflows/ci.yaml)
[![Report Card](https://goreportcard.com/badge/connectrpc.com/cors)](https://goreportcard.com/report/connectrpc.com/cors)
[![GoDoc](https://pkg.go.dev/badge/connectrpc.com/cors.svg)](https://pkg.go.dev/connectrpc.com/cors)

`connectrpc.com/cors` provides convenience methods to make configuring
Cross-Origin Resource Sharing (CORS) easier for
[Connect](https://github.com/connectrpc/connect-go) servers. CORS is often
required for the Connect and gRPC-Web protocols to work correctly in web
browsers.

For background, more details, and best practices, see [Connect's CORS
documentation](https://connectrpc.com/docs/cors).

## Example

As an example, we will use the [github.com/rs/cors](https://github.com/rs/cors)
package to demonstrate how to use the constants defined in this package.
This package should work with any CORS package. As an example, we'll use it
with [github.com/rs/cors](https://github.com/rs/cors).

```go
import (
cors "github.com/bufbuild/cors-go"
rscors "github.com/rs/cors"
connectcors "connectrpc.com/cors"
"github.com/rs/cors"
)

// corsMiddleware wraps a handler with require cors config using rs/cors.
func corsMiddleware(handler http.Handler) http.Handler {
// Create a new cors instance with default options.
c := rscors.New(rscors.Options{
AllowedMethods: cors.AllowedMethods(),
AllowedHeaders: cors.AllowedHeaders(),
ExposedHeaders: cors.ExposedHeaders(),
// withCORS adds CORS support to a Connect HTTP handler.
func withCORS(connectHandler http.Handler) http.Handler {
c := cors.New(cors.Options{
AllowedOrigins: []string{"https://acme.com"}, // replace with your domain
AllowedMethods: connectcors.AllowedMethods(),
AllowedHeaders: connectcors.AllowedHeaders(),
ExposedHeaders: connectcors.ExposedHeaders(),
MaxAge: 7200, // 2 hours in seconds
})
// Insert the middleware as a wrapper around your handler.
return c.Handler(handler /* connect handler */)
return c.Handler(connectHandler)
}
```

## Status: Alpha

Cors is undergoing initial development and is not yet stable.
This module is undergoing initial development and is not yet stable.

## Legal

Offered under the [Apache 2 license][license].

[license]: https://github.com/bufbuild/cors-go/blob/main/LICENSE
Offered under the [Apache 2 license][LICENSE].
5 changes: 5 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Security Policy
===============

This project follows the [Connect security policy and reporting
process](https://connectrpc.com/docs/governance/security).
68 changes: 29 additions & 39 deletions cors.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright 2023 Buf Technologies, Inc.
// Copyright 2023 The Connect Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
Expand All @@ -12,13 +12,10 @@
// See the License for the specific language governing permissions and
// limitations under the License.

// Package cors provides cross-origin resource sharing (CORS) constants for
// Connect. These constants are used to configure the CORS headers for a
// Connect server.
// Package cors provides helpers to configure cross-origin resource sharing
// (CORS) for Connect servers.
package cors

import "net/http"

// AllowedMethods returns the allowed HTTP methods that scripts running in the
// browser are permitted to use.
//
Expand All @@ -27,50 +24,43 @@ import "net/http"
// Access-Control-Allow-Methods.
func AllowedMethods() []string {
return []string{
http.MethodGet, // Required for Connect GET requests
http.MethodPost, // Required for all protocols
"GET", // for Connect
"POST", // for all protocols
}
}

// AllowedHeaders returns the allowed header fields that scripts running in the
// browser are permitted to access.
// AllowedHeaders returns the headers that scripts running in the browser send
// when making RPC requests. To support cross-domain requests with the
// protocols supported by Connect, these field names must be included in the
// Access-Control-Allow-Headers header of the preflight response.
//
// To support cross-domain requests with the protocols supported by Connect,
// these field names must be included in header Access-Control-Allow-Headers
// of the actual response.
// When configuring CORS, make sure to also include any application-specific
// headers your server expects to receive from the browser.
func AllowedHeaders() []string {
return []string{
"Content-Type", // Required for Connect
"Connect-Protocol-Version", // Required for Connect
"Connect-Timeout-Ms", // Optional for Connect
"Connect-Accept-Encoding", // Future use for Connect
"Connect-Content-Encoding", // Future use for Connect
"Accept-Encoding", // Future use for Connect
"Content-Encoding", // Future use for Connect
"Grpc-Timeout", // Required for gRPC-web
"X-Grpc-Web", // Optional for gRPC-web
"X-User-Agent", // Optional for gRPC-web
"Content-Type", // for all protocols
"Connect-Protocol-Version", // for Connect
"Connect-Timeout-Ms", // for Connect
"Grpc-Timeout", // for gRPC-web
"X-Grpc-Web", // for gRPC-web
"X-User-Agent", // for all protocols
}
}

// ExposedHeaders returns the headers that scripts running in the browser are
// permitted to see.
//
// To support cross-domain requests with the protocols supported by Connect,
// these field names must be included in header Access-Control-Expose-Headers
// of the actual response.
// ExposedHeaders returns the headers that scripts running in the
// browser expect to access when receiving RPC responses. To support
// cross-domain requests with the protocols supported by Connect, these field
// names must be included in the Access-Control-Expose-Headers header of the
// actual response.
//
// Make sure to include any application-specific headers your browser client
// should see. If your application uses trailers, they will be sent as header
// fields with a `Trailer-` prefix for Connect unary RPCs - make sure to
// expose them as well if you want them to be visible in all supported
// protocols.
// When configuring CORS, make sure to also include any application-specific
// headers your server expects to send to the browser. If your application uses
// trailers, they will be sent as headers with a `Trailer-` prefix for
// unary Connect RPCs - make sure to expose them!
func ExposedHeaders() []string {
return []string{
"Content-Encoding", // Future use for Connect
"Connect-Content-Encoding", // Future use for Connect
"Grpc-Status", // Required for gRPC-web header response
"Grpc-Message", // Required for gRPC-web header response
"Grpc-Status-Details-Bin", // Required for gRPC-web error details
"Grpc-Status", // for gRPC-web
"Grpc-Message", // for gRPC-web
"Grpc-Status-Details-Bin", // for gRPC-web
}
}
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
module github.com/bufbuild/cors-go
module connectrpc.com/cors

go 1.19
Loading