From 925149da2009589f6f2567564e1c7370e9f93b1b Mon Sep 17 00:00:00 2001
From: Bracken Dawson <abdawson@gmail.com>
Date: Thu, 12 Jun 2025 10:30:28 +0200
Subject: [PATCH] net/http: add example for CrossOriginProtection

It's not immediately appaerent that a method must
be used to wrap the handler, so add a basic
example to guide users to the right API.

Fixes #74121

Change-Id: I23fc3dff6fff9bf4eb29c099bc77da8c99620671
Reviewed-on: https://go-review.googlesource.com/c/go/+/681256
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
---
 src/net/http/example_test.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/net/http/example_test.go b/src/net/http/example_test.go
index f40273f14a..acb96bba51 100644
--- a/src/net/http/example_test.go
+++ b/src/net/http/example_test.go
@@ -12,6 +12,7 @@ import (
 	"net/http"
 	"os"
 	"os/signal"
+	"time"
 )
 
 func ExampleHijacker() {
@@ -221,3 +222,22 @@ func ExampleProtocols_http1or2() {
 	}
 	res.Body.Close()
 }
+
+func ExampleCrossOriginProtection() {
+	mux := http.NewServeMux()
+
+	mux.HandleFunc("/hello", func(w http.ResponseWriter, req *http.Request) {
+		io.WriteString(w, "request allowed\n")
+	})
+
+	srv := http.Server{
+		Addr:         ":8080",
+		ReadTimeout:  15 * time.Second,
+		WriteTimeout: 15 * time.Second,
+		// Use CrossOriginProtection.Handler to block all non-safe cross-origin
+		// browser requests to mux.
+		Handler: http.NewCrossOriginProtection().Handler(mux),
+	}
+
+	log.Fatal(srv.ListenAndServe())
+}
-- 
2.51.0