fiber/middleware
Jason McNeil 1aac6f618b
fix(middleware/cors): Handling and wildcard subdomain matching (#2915)
* fix: allow origins check

Refactor CORS origin validation and normalization to trim leading or trailing whitespace in the cfg.AllowOrigins string [list]. URLs with whitespace inside the URL are invalid, so the normalizeOrigin will return false because url.Parse will fail, and the middleware will panic.

fixes #2882

* test: AllowOrigins with whitespace

* test(middleware/cors): add benchmarks

* chore: fix linter errors

* test(middleware/cors): use h() instead of app.Test()

* test(middleware/cors): add multiple origins in Test_CORS_AllowOriginScheme

* chore: refactor validate and normalize

* test(cors/middleware): add more benchmarks

* fix(middleware/cors): handling and wildcard subdomain matching

docs(middleware/cors): add How it works and Security Considerations

* chore: grammar

* Apply suggestions from code review

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* chore: fix misspelling

* test(middleware/cors): combine Invalid_Origins tests

* refactor(middleware/cors): headers handling

* docs(middleware/cors): Update AllowOrigins description

* chore: merge

* perf(middleware/cors): optimize handler

* perf(middleware/cors): optimize handler

* chore(middleware/cors): update origin handling logic

* chore(middleware/cors): fix header capitalization

* docs(middleware/cors): improve security notes

* docs(middleware/cors): Improve security notes

* docs(middleware/cors): improve CORS overview

* docs(middleware/cors): fix ordering of how it works

* docs(middleware/cors): add additional info to How it works

* docs(middleware/cors): rm space

* docs(middleware/cors): add validation for AllowOrigins origins to overview

* docs(middleware/cors): update ExposeHeaders and MaxAge descriptions

* docs(middleware/cors): Add dynamic origin validation example

* docs(middleware/cors): Improve security notes and fix header capitalization

* docs(middleware/cors): configuration examples

* docs(middleware/cors): `"*"`

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2024-03-17 13:43:16 +01:00
adaptor 🐛 [Bug]: Adaptator + otelfiber issue #2641 (#2772) 2023-12-22 14:49:58 +01:00
basicauth fix: don't constrain middlewares' context-keys to strings 🐛 (#2751) 2023-12-12 14:55:29 +01:00
cache ♻️ Refactor: Remove redundant nil check (#2584) 2023-08-17 20:49:53 +02:00
compress Fix loop variable captured by func literal (#2660) 2023-10-05 13:49:57 +02:00
cors fix(middleware/cors): Handling and wildcard subdomain matching (#2915) 2024-03-17 13:43:16 +01:00
csrf fix: don't constrain middlewares' context-keys to strings 🐛 (#2751) 2023-12-12 14:55:29 +01:00
earlydata 📝 docs: remove README.mds from middleware dirs 2023-03-06 16:42:35 +03:00
encryptcookie chore(encryptcookie)!: update default config (#2753) 2023-12-07 08:39:41 +01:00
envvar 📝 docs: remove README.mds from middleware dirs 2023-03-06 16:42:35 +03:00
etag 📝 docs: remove README.mds from middleware dirs 2023-03-06 16:42:35 +03:00
expvar 📝 docs: remove README.mds from middleware dirs 2023-03-06 16:42:35 +03:00
favicon refactor: use utils.AssertEqual instead of t.Fatal on some tests (#2653) 2023-09-28 14:40:42 +02:00
filesystem [filesystem middleware] improve status for SendFile (#2664) 2023-10-06 13:10:20 +02:00
healthcheck fix: healthcheck middleware not working with route group (#2863) 2024-02-19 14:28:58 +01:00
helmet ♻️ refactor: merge some external middlewares to core (#2453) 2023-05-10 08:01:49 +02:00
idempotency fix: don't constrain middlewares' context-keys to strings 🐛 (#2751) 2023-12-12 14:55:29 +01:00
keyauth fix: don't constrain middlewares' context-keys to strings 🐛 (#2751) 2023-12-12 14:55:29 +01:00
limiter test(limiter): fix intermittent failures (#2716) 2023-11-10 11:33:10 +01:00
logger ♻️ logger/middleware colorize logger error message #2593 (#2773) 2023-12-23 08:31:58 +01:00
monitor 📝 docs: remove README.mds from middleware dirs 2023-03-06 16:42:35 +03:00
pprof middleware/pprof: improve performance (#2709) 2023-11-09 08:05:54 +01:00
proxy 🚀 Add Logger interface and fiberlog (#2499) 2023-06-26 08:16:57 +02:00
recover 📝 docs: remove README.mds from middleware dirs 2023-03-06 16:42:35 +03:00
redirect 🩹🚨 - fix for redirect with query params (#2748) 2023-12-22 16:18:04 +01:00
requestid fix: don't constrain middlewares' context-keys to strings 🐛 (#2751) 2023-12-12 14:55:29 +01:00
rewrite ♻️ refactor: merge some external middlewares to core (#2453) 2023-05-10 08:01:49 +02:00
session 🚨 Test: race in session middleware tests (#2740) 2023-11-27 14:38:31 +01:00
skip 📝 docs: remove README.mds from middleware dirs 2023-03-06 16:42:35 +03:00
timeout 🚀 Add Logger interface and fiberlog (#2499) 2023-06-26 08:16:57 +02:00