-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(middleware/cors): Merge changes from v2 (#2922)
* fix(middleware/cors): Handling and wildcard subdomain matching (#2915) * fix: allow origins check Refactor CORS origin validation and normalization to trim leading or trailing whitespace in the cfg.AllowOrigins string [list]. URLs with whitespace inside the URL are invalid, so the normalizeOrigin will return false because url.Parse will fail, and the middleware will panic. fixes #2882 * test: AllowOrigins with whitespace * test(middleware/cors): add benchmarks * chore: fix linter errors * test(middleware/cors): use h() instead of app.Test() * test(middleware/cors): add miltiple origins in Test_CORS_AllowOriginScheme * chore: refactor validate and normalize * test(cors/middleware): add more benchmarks * fix(middleware/cors): handling and wildcard subdomain matching docs(middleware/cors): add How it works and Security Considerations * chore: grammar * Apply suggestions from code review Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * chore: fix misspelling * test(middleware/cors): combine Invalid_Origins tests * refactor(middleware/cors): headers handling * docs(middleware/cors): Update AllowOrigins description * chore: merge * perf(middleware/cors): optimize handler * perf(middleware/cors): optimize handler * chore(middleware/cors): ipdate origin handling logic * chore(middleware/cors): fix header capitalization * docs(middleware/cors): improve sercuity notes * docs(middleware/cors): Improve security notes * docs(middleware/cors): improve CORS overview * docs(middleware/cors): fix ordering of how it works * docs(middleware/cors): add additional info to How to works * docs(middleware/cors): rm space * docs(middleware/cors): add validation for AllowOrigins origins to overview * docs(middleware/cors): update ExposeHeaders and MaxAge descriptions * docs(middleware/cors): Add dynamic origin validation example * docs(middleware/cors): Improve security notes and fix header capitalization * docs(middleware/cors): configuration examples * docs(middleware/cors): `"*"` --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * test(middleware/cors): improve test coverage for request types * chore(middleware/cors): fix v2 merge issues * test(middleware/cors): Add subdomain matching tests * fix(middleware/cors): Update Next function signature * test(middleware/cors): Add benchmark for CORS subdomain matching * test(middleware/cors): cover additiona test cases * refactor(middleware/cors): origin validation and normalization --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
- Loading branch information
1 parent
43dc60f
commit 7fa8b2d
Showing
5 changed files
with
540 additions
and
171 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
7fa8b2d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Possible performance regression was detected for benchmark.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold
2
.Benchmark_CORS_NewHandler
762.7
ns/op 16 B/op 1 allocs/op278.3
ns/op 0 B/op 0 allocs/op2.74
Benchmark_CORS_NewHandlerParallel
368.9
ns/op 16 B/op 1 allocs/op126.5
ns/op 0 B/op 0 allocs/op2.92
Benchmark_CORS_NewHandlerSingleOrigin
764.8
ns/op 16 B/op 1 allocs/op283.9
ns/op 0 B/op 0 allocs/op2.69
Benchmark_CORS_NewHandlerSingleOriginParallel
367.8
ns/op 16 B/op 1 allocs/op126.3
ns/op 0 B/op 0 allocs/op2.91
Benchmark_CORS_NewHandlerWildcard
673.4
ns/op 16 B/op 1 allocs/op206.8
ns/op 0 B/op 0 allocs/op3.26
Benchmark_CORS_NewHandlerWildcardParallel
324.4
ns/op 16 B/op 1 allocs/op93.06
ns/op 0 B/op 0 allocs/op3.49
Benchmark_Etag
200
ns/op 0 B/op 0 allocs/op98.08
ns/op 0 B/op 0 allocs/op2.04
Benchmark_Middleware_Favicon
212.4
ns/op 12 B/op 4 allocs/op90.01
ns/op 3 B/op 1 allocs/op2.36
This comment was automatically generated by workflow using github-action-benchmark.