net/http: add example for CrossOriginProtection

It's not immediately appaerent that a method must
be used to wrap the handler, so add a basic
example to guide users to the right API.

Fixes golang#74121

Change-Id: I23fc3dff6fff9bf4eb29c099bc77da8c99620671
Reviewed-on: https://go-review.googlesource.com/c/go/+/681256
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Sean Liao <[email protected]>
Auto-Submit: Sean Liao <[email protected]>
Reviewed-by: David Chase <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>

Author: brackendawson

src/net/http/example_test.go

@@ -12,6 +12,7 @@ import (
 	"net/http"
 	"os"
 	"os/signal"
+	"time"
 )
 
 func ExampleHijacker() {
@@ -221,3 +222,22 @@ func ExampleProtocols_http1or2() {
 	}
 	res.Body.Close()
 }
+
+func ExampleCrossOriginProtection() {
+	mux := http.NewServeMux()
+
+	mux.HandleFunc("/hello", func(w http.ResponseWriter, req *http.Request) {
+		io.WriteString(w, "request allowed\n")
+	})
+
+	srv := http.Server{
+		Addr:         ":8080",
+		ReadTimeout:  15 * time.Second,
+		WriteTimeout: 15 * time.Second,
+		// Use CrossOriginProtection.Handler to block all non-safe cross-origin
+		// browser requests to mux.
+		Handler: http.NewCrossOriginProtection().Handler(mux),
+	}
+
+	log.Fatal(srv.ListenAndServe())
+}