GOMODULES
/
fiber
mirror of https://github.com/gofiber/fiber.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,741 Commits
25 Branches
128 Tags
169 MiB
Commit Graph

6 Commits (8c84b0fd8a07537572e607057b309681922a0b46)

Author SHA1 Message Date
Aaron Zingerle 8c84b0fd8a
🩹 fix: Middleware/CORS Remove Scheme Restriction (#3168) 
🩹 Fix: Middleware/CORS Remove Scheme Restriction (gofiber#3160)

Co-authored-by: Aaron Zingerle <aaron.zingerle@vipaso.io>
 2024-10-14 15:04:25 +02:00
Jason McNeil 1aac6f618b
fix(middleware/cors): Handling and wildcard subdomain matching (#2915) 
* fix: allow origins check

Refactor CORS origin validation and normalization to trim leading or trailing whitespace in the cfg.AllowOrigins string [list]. URLs with whitespace inside the URL are invalid, so the normalizeOrigin will return false because url.Parse will fail, and the middleware will panic.

fixes #2882

* test: AllowOrigins with whitespace

* test(middleware/cors): add benchmarks

* chore: fix linter errors

* test(middleware/cors): use h() instead of app.Test()

* test(middleware/cors): add miltiple origins in Test_CORS_AllowOriginScheme

* chore: refactor validate and normalize

* test(cors/middleware): add more benchmarks

* fix(middleware/cors): handling and wildcard subdomain matching

docs(middleware/cors): add How it works and Security Considerations

* chore: grammar

* Apply suggestions from code review

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* chore: fix misspelling

* test(middleware/cors): combine Invalid_Origins tests

* refactor(middleware/cors): headers handling

* docs(middleware/cors): Update AllowOrigins description

* chore: merge

* perf(middleware/cors): optimize handler

* perf(middleware/cors): optimize handler

* chore(middleware/cors): ipdate origin handling logic

* chore(middleware/cors): fix header capitalization

* docs(middleware/cors): improve sercuity notes

* docs(middleware/cors): Improve security notes

* docs(middleware/cors): improve CORS overview

* docs(middleware/cors): fix ordering of how it works

* docs(middleware/cors): add additional info to How to works

* docs(middleware/cors): rm space

* docs(middleware/cors): add validation for AllowOrigins origins to overview

* docs(middleware/cors): update ExposeHeaders and MaxAge descriptions

* docs(middleware/cors): Add dynamic origin validation example

* docs(middleware/cors): Improve security notes and fix header capitalization

* docs(middleware/cors): configuration examples

* docs(middleware/cors): `"*"`

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
 2024-03-17 13:43:16 +01:00
René Werner 70f21d5f7e fix cors domain normalize 2024-02-21 21:18:56 +01:00
Juan Calderon-Perez f0cd3b44b0
Merge pull request from GHSA-fmg4-x8pw-hjhg 
* Enforce Wildcard Origins with AllowCredentials check

* Expand unit-tests, fix issues with subdomains logic, update docs

* Update cors.md

* Added test using localhost, ipv4, and ipv6 address

* improve documentation markdown

---------

Co-authored-by: René Werner <rene@gofiber.io>
 2024-02-21 14:47:33 +01:00
leonklingele 167a8b5e94
🚀 Feature: Add and apply more stricter golangci-lint linting rules (#2286) 
* golangci-lint: add and apply more stricter linting rules

* github: drop security workflow now that we use gosec linter inside golangci-lint

* github: use official golangci-lint CI linter

* Add editorconfig and gitattributes file
 2023-01-27 09:01:37 +01:00
Fenny ec5d66e7a8 v2 2020-09-13 11:20:11 +02:00