* Organize and reword templates guide
* Add full example to templates guide
* Add advanced templating section to template guide
* Add template repo link and fix typo in Templates guide
- Add link to https://github.com/gofiber/template in Templates Guide
- Fix typo: missing period in info block about ctx.Render()
* Update docs/guide/templates.md
* Update docs/guide/templates.md
---------
Co-authored-by: RW <rene@gofiber.io>
* fix: allow origins check
Refactor CORS origin validation and normalization to trim leading or trailing whitespace in the cfg.AllowOrigins string [list]. URLs with whitespace inside the URL are invalid, so the normalizeOrigin will return false because url.Parse will fail, and the middleware will panic.
fixes#2882
* test: AllowOrigins with whitespace
* test(middleware/cors): add benchmarks
* chore: fix linter errors
* test(middleware/cors): use h() instead of app.Test()
* test(middleware/cors): add miltiple origins in Test_CORS_AllowOriginScheme
* chore: refactor validate and normalize
* test(cors/middleware): add more benchmarks
* fix(middleware/cors): handling and wildcard subdomain matching
docs(middleware/cors): add How it works and Security Considerations
* chore: grammar
* Apply suggestions from code review
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* chore: fix misspelling
* test(middleware/cors): combine Invalid_Origins tests
* refactor(middleware/cors): headers handling
* docs(middleware/cors): Update AllowOrigins description
* chore: merge
* perf(middleware/cors): optimize handler
* perf(middleware/cors): optimize handler
* chore(middleware/cors): ipdate origin handling logic
* chore(middleware/cors): fix header capitalization
* docs(middleware/cors): improve sercuity notes
* docs(middleware/cors): Improve security notes
* docs(middleware/cors): improve CORS overview
* docs(middleware/cors): fix ordering of how it works
* docs(middleware/cors): add additional info to How to works
* docs(middleware/cors): rm space
* docs(middleware/cors): add validation for AllowOrigins origins to overview
* docs(middleware/cors): update ExposeHeaders and MaxAge descriptions
* docs(middleware/cors): Add dynamic origin validation example
* docs(middleware/cors): Improve security notes and fix header capitalization
* docs(middleware/cors): configuration examples
* docs(middleware/cors): `"*"`
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Revert "Revert "🐛 requestid.Config.ContextKey is interface{} (#2369)" (#2742)"
This reverts commit 28be17f929.
* fix: request ContextKey default value condition
Should check for `nil` since it is `any`.
* fix: don't constrain middlewares' context-keys to strings
`context` recommends using "unexported type" as context keys to avoid
collisions https://pkg.go.dev/github.com/gofiber/fiber/v2#Ctx.Locals.
The official go blog also recommends this https://go.dev/blog/context.
`fiber.Ctx.Locals(key any, value any)` correctly allows consumers to
use unexported types or e.g. strings.
But some fiber middlewares constrain their context-keys to `string` in
their "default config structs", making it impossible to use unexported
types.
This PR removes the `string` _constraint_ from all middlewares, allowing
to now use unexported types as per the official guidelines. However
the default value is still a string, so it's not a breaking change, and
anyone still using strings as context keys is not affected.
* chore(encryptcookie)!: update default config
docs(encryptcookie): enhance documentation and examples
BREAKING CHANGE: removed the hardcoded "csrf_" from the Except.
* docs(encryptcookie): reads or modifies cookies
* chore(encryptcookie): csrf config example
* docs(encryptcookie): md table spacing
* ✨ feat: add support for parameters in content negotiation
Attempts to approach the level of support offered by express,
but behavior may differ in unusual corner cases.
Some key behaviors from Express that are implemented:
- If an offer does not have every parameter listed in the given Accept,
it is rejected.
- Parameters do not affect specificity.
- In a given specificity, more parameters gives greater precedence
- Parameters are unordered
- Matching is case-insensitive
- Surrounding quotes for parameter values are stripped
- If an Accept type specifies a parameter more than once, the last
value provided is taken.
- Parameters after q are not processed.
https://www.rfc-editor.org/rfc/rfc9110#name-parameters
* doc: properly attribute reader.go for validHeaderFieldByte
* fix: remove underscores from fuzz test name
* test(forEachParameter): improve coverage
* doc: add comment clarifying RFC 9110 non-compliance for corner case
* Update ctx.md
Added additional information to why GetReqHeaders returns a map where the values are slices of strings (instead of a single string as one might expect)
* Update ctx.md
added the same explanation to GetRespHeaders too
* 11-aryan
* Removed the backticks where no special characters is used
* added backticks to path parameters where special characters are escaped
* Replaced double quotes with backticks in all route parameter strings #2591
* Replaced double quotes with backticks in all route parameter strings #2591
---------
Co-authored-by: René Werner <rene@gofiber.io>
* 🔥 add config to enable splitting by comma in parsers
🔥 add config to enable splitting by comma in parsers
* optimize if statements, remove escape char support
optimize if statements, remove escape char support
* update
René
Giovanni Rivera
Jason McNeil
Juan Calderon-Perez
Lucas Lemos
Bruno
Mehmet Firat KOMURCU
Benjamin Grosse
iRedMail
Reid Hurlburt
nickajacks1
Moritz
Javier Scappini
joey1123455
KaptinLin
M. Efe Çetin
Jimmy Li
)`(-@_.+_^*__*^
Jian Lim