Main v2 merge #2944

Merged
merged 48 commits into from
Mar 28, 2024
2d3027e
Update pull_request_template.md
ReneWerner87 Dec 3, 2023
9bcc7f3
Update v3-changes.md
ReneWerner87 Dec 3, 2023
a80b288
Update CONTRIBUTING.md (#2752)
tokelo-12 Dec 5, 2023
e4d7e84
chore(encryptcookie)!: update default config (#2753)
sixcolors Dec 7, 2023
8aa8868
build(deps): bump actions/setup-go from 4 to 5 (#2754)
dependabot[bot] Dec 7, 2023
c441bdf
🩹 middleware/logger/: log client IP address by default (#2755)
iredmail Dec 8, 2023
b185083
fix: don't constrain middlewares' context-keys to strings :bug: (#2751)
benjajaja Dec 12, 2023
090acbb
📚 Update app.md for indentation (#2761)
MehmetFiratKomurcu Dec 13, 2023
c3fed55
build(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2762)
dependabot[bot] Dec 13, 2023
b0925dc
build(deps): bump github/codeql-action from 2 to 3 (#2763)
dependabot[bot] Dec 16, 2023
dc2d2ef
Changing default log output (#2730)
brunodmartins Dec 18, 2023
43fa236
Update hooks.md
ReneWerner87 Dec 19, 2023
1fac52a
🩹 Fix: CORS middleware should use the defined AllowedOriginsFunc conf…
muhammadkholidb Dec 22, 2023
c49faf9
🐛 [Bug]: Adaptator + otelfiber issue #2641 (#2772)
ReneWerner87 Dec 22, 2023
d6c8876
🩹🚨 - fix for redirect with query params (#2748)
gilwo Dec 22, 2023
38eb4bd
♻️ logger/middleware colorize logger error message #2593 (#2773)
ReneWerner87 Dec 23, 2023
6249bc4
:sparkles: feat: add liveness and readiness checks (#2509)
luk3skyw4lker Jan 3, 2024
89f551b
prepare release v2.52.0
ReneWerner87 Jan 5, 2024
476e1ed
fix healthcheck.md
ReneWerner87 Jan 5, 2024
2e66937
configure workflows for V2 branch
ReneWerner87 Jan 6, 2024
7ba3137
configure workflows for V2 branch
ReneWerner87 Jan 6, 2024
e524b73
Fix default value to false in docs of QueryBool (#2811)
CAEL0 Jan 28, 2024
8325ed0
update queryParser config
ReneWerner87 Feb 6, 2024
56d2ec7
Update ctx.md
ReneWerner87 Feb 6, 2024
4e0f180
Update routing.md
ReneWerner87 Feb 8, 2024
a84a7ce
:books: Doc: Fix code snippet indentation in /docs/api/middleware/key…
grivera64 Feb 19, 2024
cf54c25
Merge pull request #2867 from grivera64/v2
gaby Feb 19, 2024
5e30112
fix: healthcheck middleware not working with route group (#2863)
luk3skyw4lker Feb 19, 2024
f0cd3b4
Merge pull request from GHSA-fmg4-x8pw-hjhg
gaby Feb 21, 2024
f9fcb02
Update app.go
ReneWerner87 Feb 21, 2024
70f21d5
fix cors domain normalize
ReneWerner87 Feb 21, 2024
0df0e08
fix sync-docs workflow
ReneWerner87 Feb 21, 2024
ddc6b23
fix sync-docs workflow
ReneWerner87 Feb 21, 2024
d456e7d
fix(middleware/cors): Validation of multiple Origins (#2883)
sixcolors Mar 1, 2024
109e91a
prepare release v2.52.2
ReneWerner87 Mar 2, 2024
68d90cd
refactor(docs): deactivate docs sync for v2
ReneWerner87 Mar 2, 2024
d2b19e2
refactor(docs): deactivate docs sync for v2
ReneWerner87 Mar 2, 2024
1aac6f6
fix(middleware/cors): Handling and wildcard subdomain matching (#2915)
sixcolors Mar 17, 2024
1607d87
fix(middleware/cors): Categorize requests correctly (#2921)
sixcolors Mar 20, 2024
ba10e68
test(middleware/csrf): Fix Benchmark Tests (#2932)
sixcolors Mar 25, 2024
43d5091
Prepare release v2.52.3
ReneWerner87 Mar 25, 2024
e574c0d
fix(middleware/cors): CORS handling (#2937)
sixcolors Mar 26, 2024
a6f4c13
fix(middleware/cors): Vary header handling non-cors OPTIONS requests …
sixcolors Mar 26, 2024
fd811cf
prepare release v2.52.4
ReneWerner87 Mar 26, 2024
464d667
Merge remote-tracking branch 'origin/v2'
ReneWerner87 Mar 28, 2024
08db30e
merge v2 in main(v3)
ReneWerner87 Mar 28, 2024
a910451
merge v2 in main(v3)
ReneWerner87 Mar 28, 2024
2f7d837
merge v2 in main(v3)
ReneWerner87 Mar 28, 2024
🩹 Fix: CORS middleware should use the defined AllowedOriginsFunc config when AllowedOrigins is empty (#2771)
muhammadkholidb authored Dec 22, 2023

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit 1fac52a42af3f9a4981de71e27b4edd6090dac31
7 changes: 4 additions & 3 deletions middleware/cors/cors.go
@@ -94,13 +94,14 @@ func New(config ...Config) fiber.Handler {
if cfg.AllowMethods == "" {
cfg.AllowMethods = ConfigDefault.AllowMethods
}
if cfg.AllowOrigins == "" {
// When none of the AllowOrigins or AllowOriginsFunc config was defined, set the default AllowOrigins value with "*"
if cfg.AllowOrigins == "" && cfg.AllowOriginsFunc == nil {
cfg.AllowOrigins = ConfigDefault.AllowOrigins
}
}

// Warning logs if both AllowOrigins and AllowOriginsFunc are set
if cfg.AllowOrigins != ConfigDefault.AllowOrigins && cfg.AllowOriginsFunc != nil {
if cfg.AllowOrigins != "" && cfg.AllowOriginsFunc != nil {
log.Warn("[CORS] Both 'AllowOrigins' and 'AllowOriginsFunc' have been defined.")
}

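Review bot: The warning in the `cfg.AllowOrigins != "" && cfg.AllowOriginsFunc != nil` branch only says that both options are defined; it does not say how they combine. As the second cors.go hunk shows, `AllowOriginsFunc` runs only when matching against `AllowOrigins` leaves `allowOrigin` empty, so the function acts as a fallback that can admit origins the list does not contain, and with an explicit `AllowOrigins: "*"` it would presumably never run. Suggest spelling that precedence out in the log text and in the Config documentation, so that an operator who sets both does not assume the function narrows the list.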
@@ -145,7 +146,7 @@ func New(config ...Config) fiber.Handler {
// Run AllowOriginsFunc if the logic for
// handling the value in 'AllowOrigins' does
// not result in allowOrigin being set.
if (allowOrigin == "" || allowOrigin == ConfigDefault.AllowOrigins) && cfg.AllowOriginsFunc != nil {
if allowOrigin == "" && cfg.AllowOriginsFunc != nil {
if cfg.AllowOriginsFunc(origin) {
allowOrigin = origin
}
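Review bot: In `if allowOrigin == "" && cfg.AllowOriginsFunc != nil`, an accepted origin is reflected verbatim through `allowOrigin = origin`, so the response differs per request origin, and nothing visible in this hunk sets `Vary: Origin`. Please confirm the header is emitted on this path, or add it; without it a shared cache can hand a response carrying one origin's `Access-Control-Allow-Origin` to a different origin. A test that asserts on `Vary` for the function-allowed case would pin this down.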
201 changes: 198 additions & 3 deletions middleware/cors/cors_test.go
@@ -331,9 +331,9 @@ func Test_CORS_AllowOriginsFunc(t *testing.T) {
// Perform request
handler(ctx)

// Allow-Origin header should be "*" because http://google.com does not satisfy 'strings.Contains(origin, "example-2")'
// and AllowOrigins has not been set so the default "*" is used
utils.AssertEqual(t, "*", string(ctx.Response.Header.Peek(fiber.HeaderAccessControlAllowOrigin)))
// Allow-Origin header should be empty because http://google.com does not satisfy 'strings.Contains(origin, "example-2")'
// and AllowOrigins has not been set
utils.AssertEqual(t, "", string(ctx.Response.Header.Peek(fiber.HeaderAccessControlAllowOrigin)))

ctx.Request.Reset()
ctx.Response.Reset()
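Review bot: The expected value for `http://google.com` moving from `"*"` to `""` is a user-visible behaviour change, and no documentation change is visible in this commit. Configurations that set only `AllowOriginsFunc` previously answered non-matching origins with the wildcard and now send no `Access-Control-Allow-Origin` at all. That is the safer result, but it should be called out in the changelog or the middleware docs, since clients that relied on the wildcard fallback will start failing CORS checks after upgrading.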
@@ -348,3 +348,198 @@ func Test_CORS_AllowOriginsFunc(t *testing.T) {
// Allow-Origin header should be "http://example-2.com"
utils.AssertEqual(t, "http://example-2.com", string(ctx.Response.Header.Peek(fiber.HeaderAccessControlAllowOrigin)))
}

func Test_CORS_AllowOriginsAndAllowOriginsFunc_AllUseCases(t *testing.T) {
testCases := []struct {
Name string
Config Config
RequestOrigin string
ResponseOrigin string
}{
{
Name: "AllowOriginsDefined/AllowOriginsFuncUndefined/OriginAllowed",
Config: Config{
AllowOrigins: "http://aaa.com",
AllowOriginsFunc: nil,
},
RequestOrigin: "http://aaa.com",
ResponseOrigin: "http://aaa.com",
},
{
Name: "AllowOriginsDefined/AllowOriginsFuncUndefined/OriginNotAllowed",
Config: Config{
AllowOrigins: "http://aaa.com",
AllowOriginsFunc: nil,
},
RequestOrigin: "http://bbb.com",
ResponseOrigin: "",
},
{
Name: "AllowOriginsDefined/AllowOriginsFuncReturnsTrue/OriginAllowed",
Config: Config{
AllowOrigins: "http://aaa.com",
AllowOriginsFunc: func(origin string) bool {
return true
},
},
RequestOrigin: "http://aaa.com",
ResponseOrigin: "http://aaa.com",
},
{
Name: "AllowOriginsDefined/AllowOriginsFuncReturnsTrue/OriginNotAllowed",
Config: Config{
AllowOrigins: "http://aaa.com",
AllowOriginsFunc: func(origin string) bool {
return true
},
},
RequestOrigin: "http://bbb.com",
ResponseOrigin: "http://bbb.com",
},
{
Name: "AllowOriginsDefined/AllowOriginsFuncReturnsFalse/OriginAllowed",
Config: Config{
AllowOrigins: "http://aaa.com",
AllowOriginsFunc: func(origin string) bool {
return false
},
},
RequestOrigin: "http://aaa.com",
ResponseOrigin: "http://aaa.com",
},
{
Name: "AllowOriginsDefined/AllowOriginsFuncReturnsFalse/OriginNotAllowed",
Config: Config{
AllowOrigins: "http://aaa.com",
AllowOriginsFunc: func(origin string) bool {
return false
},
},
RequestOrigin: "http://bbb.com",
ResponseOrigin: "",
},
{
Name: "AllowOriginsEmpty/AllowOriginsFuncUndefined/OriginAllowed",
Config: Config{
AllowOrigins: "",
AllowOriginsFunc: nil,
},
RequestOrigin: "http://aaa.com",
ResponseOrigin: "*",
},
{
Name: "AllowOriginsEmpty/AllowOriginsFuncReturnsTrue/OriginAllowed",
Config: Config{
AllowOrigins: "",
AllowOriginsFunc: func(origin string) bool {
return true
},
},
RequestOrigin: "http://aaa.com",
ResponseOrigin: "http://aaa.com",
},
{
Name: "AllowOriginsEmpty/AllowOriginsFuncReturnsFalse/OriginNotAllowed",
Config: Config{
AllowOrigins: "",
AllowOriginsFunc: func(origin string) bool {
return false
},
},
RequestOrigin: "http://aaa.com",
ResponseOrigin: "",
},
}

for _, tc := range testCases {
t.Run(tc.Name, func(t *testing.T) {
app := fiber.New()
app.Use("/", New(tc.Config))

handler := app.Handler()

ctx := &fasthttp.RequestCtx{}
ctx.Request.SetRequestURI("/")
ctx.Request.Header.SetMethod(fiber.MethodOptions)
ctx.Request.Header.Set(fiber.HeaderOrigin, tc.RequestOrigin)

handler(ctx)

utils.AssertEqual(t, tc.ResponseOrigin, string(ctx.Response.Header.Peek(fiber.HeaderAccessControlAllowOrigin)))
})
}
}

// The fix for issue #2422
func Test_CORS_AllowCredetials(t *testing.T) {
testCases := []struct {
Name string
Config Config
RequestOrigin string
ResponseOrigin string
}{
{
Name: "AllowOriginsFuncDefined",
Config: Config{
AllowCredentials: true,
AllowOriginsFunc: func(origin string) bool {
return true
},
},
RequestOrigin: "http://aaa.com",
// The AllowOriginsFunc config was defined, should use the real origin of the function
ResponseOrigin: "http://aaa.com",
},
{
Name: "AllowOriginsFuncNotDefined",
Config: Config{
AllowCredentials: true,
},
RequestOrigin: "http://aaa.com",
// None of the AllowOrigins or AllowOriginsFunc config was defined, should use the default origin of "*"
// which will cause the CORS error in the client:
// The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*'
// when the request's credentials mode is 'include'.
ResponseOrigin: "*",
},
{
Name: "AllowOriginsDefined",
Config: Config{
AllowCredentials: true,
AllowOrigins: "http://aaa.com",
},
RequestOrigin: "http://aaa.com",
ResponseOrigin: "http://aaa.com",
},
{
Name: "AllowOriginsDefined/UnallowedOrigin",
Config: Config{
AllowCredentials: true,
AllowOrigins: "http://aaa.com",
},
RequestOrigin: "http://bbb.com",
ResponseOrigin: "",
},
}

for _, tc := range testCases {
t.Run(tc.Name, func(t *testing.T) {
app := fiber.New()
app.Use("/", New(tc.Config))

handler := app.Handler()

ctx := &fasthttp.RequestCtx{}
ctx.Request.SetRequestURI("/")
ctx.Request.Header.SetMethod(fiber.MethodOptions)
ctx.Request.Header.Set(fiber.HeaderOrigin, tc.RequestOrigin)

handler(ctx)

if tc.Config.AllowCredentials {
utils.AssertEqual(t, "true", string(ctx.Response.Header.Peek(fiber.HeaderAccessControlAllowCredentials)))
}
utils.AssertEqual(t, tc.ResponseOrigin, string(ctx.Response.Header.Peek(fiber.HeaderAccessControlAllowOrigin)))
})
}
}
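Review bot: The `AllowOriginsFuncNotDefined` case in `Test_CORS_AllowCredetials` asserts `ResponseOrigin: "*"` together with `Access-Control-Allow-Credentials: true`, which locks in a combination that the case's own comment says the client rejects. Rather than recording that as expected output, consider having `New` warn or refuse when `AllowCredentials` is true and the effective origin is the wildcard, and assert on that instead. Smaller points: the test name is misspelled (`AllowCredetials`), the `if tc.Config.AllowCredentials` guard is always true for this table, and `Test_CORS_AllowOriginsAndAllowOriginsFunc_AllUseCases` has no case for an explicit `AllowOrigins: "*"` combined with a function, which is the input whose handling the second cors.go hunk changes.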