Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 [Bug]: CORS middleware should ignore config AllowedOrigins when AllowedOriginsFunc is defined #2770

Closed
3 tasks done
muhammadkholidb opened this issue Dec 21, 2023 · 1 comment · Fixed by #2771
Closed
3 tasks done

🐛 [Bug]: CORS middleware should ignore config AllowedOrigins when AllowedOriginsFunc is defined #2770

muhammadkholidb opened this issue Dec 21, 2023 · 1 comment · Fixed by #2771
Labels
👍 Accepting PR ☢️ Bug

Comments

@muhammadkholidb
Copy link
Contributor

muhammadkholidb commented Dec 21, 2023
edited
Loading

Bug Description

I tried to set the CORS config AllowedOriginsFunc to define my custom logic for Origin header handling. The response always returned * in the Access-Control-Allow-Origin header. I expected the header to contain the origin allowed by the AllowedOriginFunc config I defined before.

I checked the code and found that the AllowedOrigins config was set to * when it was empty, which IMO is not required if the AllowedOriginsFunc config is already defined. When the user sets the AllowedOriginsFunc then they should know that the AllowedOrigins config will not be used or ignored.

I think this is a bug and should be fixed. I can make time for it. Let me know if you think otherwise. Thank you.

How to Reproduce

  1. Set CORS middleware with only AllowedOriginsFunc config defined.
  2. The preflight (OPTIONS) request will always return Access-Control-Allow-Origin header with value *.

Expected Behavior

The middleware should return Access-Control-Allow-Origin header with a value containing the origin allowed by AllowedOriginsFunc config instead of *.

Fiber Version

2.49.2

Code Snippet (optional)

package main

import "github.com/gofiber/fiber/v2"
import "github.com/gofiber/fiber/v2/middleware/cors"
import "log"
import "strings"

func main() {
  app := fiber.New()

  // Steps to reproduce
  app.Use(cors.New(cors.Config{
    AllowOriginsFunc: func(origin string) bool {
      // Complicated logic here
      return strings.HasSuffix(origin, "example.com:13131")
    },
  }))

  log.Fatal(app.Listen(":3000"))
}

Checklist:

  • I agree to follow Fiber's Code of Conduct.
  • I have checked for existing issues that describe my problem prior to opening this one.
  • I understand that improperly formatted bug reports may be closed without explanation.
@welcome Welcome
Copy link

welcome bot commented Dec 21, 2023

Thanks for opening your first issue here! 🎉 Be sure to follow the issue template! If you need help or want to chat with us, join us on Discord https://gofiber.io/discord

@muhammadkholidb muhammadkholidb mentioned this issue Dec 22, 2023
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
👍 Accepting PR ☢️ Bug
Projects
None yet
Milestone
No milestone
2 participants
@ReneWerner87 @muhammadkholidb