default header reset

middleware/cors.go

@@ -49,7 +49,7 @@ type OriginValidator func(string) bool
 var (
 	defaultCorsOptionStatusCode = http.StatusOK
 	defaultCorsMethods          = []string{http.MethodHead, http.MethodGet, http.MethodPost}
-	defaultCorsHeaders          = []string{"Accept", "Accept-Language", "Content-Type", "Content-Language", "Origin"}
+	defaultCorsHeaders          = []string{"Accept", "Accept-Language", "Content-Language", "Origin"}
 	// (WebKit/Safari v9 sends the Origin header by default in AJAX requests).
 )
 

router_serve.go

@@ -16,7 +16,18 @@ type ServeCB func(srv *http.Server) error
 func (r *Router) Serve(cb ServeCB) {
 	// catch all options
 	// lets get it thorugh all middlewares
-	r.mux.Handle("OPTIONS /", optionsHandler{})
+	r.OPTIONS("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Length", "0")
+		if r.ContentLength != 0 {
+			// Read up to 4KB of OPTIONS body (as mentioned in the
+			// spec as being reserved for future use), but anything
+			// over that is considered a waste of server resources
+			// (or an attack) and we abort and close the connection,
+			// courtesy of MaxBytesReader's EOF behavior.
+			mb := http.MaxBytesReader(w, r.Body, 4<<10)
+			io.Copy(io.Discard, mb)
+		}
+	})
 
 	srv := &http.Server{
 		Handler: r,
@@ -45,18 +56,3 @@ func (r *Router) Serve(cb ServeCB) {
 
 	<-idleConnsClosed
 }
-
-type optionsHandler struct{}
-
-func (optionsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Content-Length", "0")
-	if r.ContentLength != 0 {
-		// Read up to 4KB of OPTIONS body (as mentioned in the
-		// spec as being reserved for future use), but anything
-		// over that is considered a waste of server resources
-		// (or an attack) and we abort and close the connection,
-		// courtesy of MaxBytesReader's EOF behavior.
-		mb := http.MaxBytesReader(w, r.Body, 4<<10)
-		io.Copy(io.Discard, mb)
-	}
-}