net/http: add example for CrossOriginProtection

It's not immediately appaerent that a method must be used to wrap the handler, so add a basic example to guide users to the right API. Fixes #74121 Change-Id: I23fc3dff6fff9bf4eb29c099bc77da8c99620671 Reviewed-on: https://go-review.googlesource.com/c/go/+/681256 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Sean Liao <sean@liao.dev> Auto-Submit: Sean Liao <sean@liao.dev> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2026-02-01 08:32:04 +03:00 · 2025-06-12 10:30:28 +02:00
parent cf4af0b2f3
commit 925149da20
1 changed files with 20 additions and 0 deletions
--- a/src/net/http/example_test.go
+++ b/src/net/http/example_test.go
@@ -12,6 +12,7 @@ import (
 	"net/http"
 	"os"
 	"os/signal"
+	"time"
 )

 func ExampleHijacker() {
@@ -221,3 +222,22 @@ func ExampleProtocols_http1or2() {
 	}
 	res.Body.Close()
 }
+
+func ExampleCrossOriginProtection() {
+	mux := http.NewServeMux()
+
+	mux.HandleFunc("/hello", func(w http.ResponseWriter, req *http.Request) {
+		io.WriteString(w, "request allowed\n")
+	})
+
+	srv := http.Server{
+		Addr:         ":8080",
+		ReadTimeout:  15 * time.Second,
+		WriteTimeout: 15 * time.Second,
+		// Use CrossOriginProtection.Handler to block all non-safe cross-origin
+		// browser requests to mux.
+		Handler: http.NewCrossOriginProtection().Handler(mux),
+	}
+
+	log.Fatal(srv.ListenAndServe())
+}