Add "Access-Control-Allow-Origin" header to AllowHeaders

gin-contrib / cors

Official CORS gin's middleware

https://gin-gonic.github.io/gin/

MIT License

1.79k stars 186 forks source link

Add "Access-Control-Allow-Origin" header to AllowHeaders #110

Closed santosh closed 2 years ago

santosh commented 2 years ago

When client sends Access-Control-Allow-Origin, server must respond with the same domain(s). If not done, preflight response fails.

With this change, AllowHeaders slice has Access-Control-Allow-Origin present, which does nod need any additional configuration and works out of the box on cors.Default().

This is a fix to #84.

jub0bs commented 2 years ago

Access-Control-Allow-Origin (ACAO, for short) never belongs in a request, as it is a response header. Therefore, you should never need to list that header name in the Access-Control-Allow-Headers. Clients who add the ACAO header to their requests are misguided, and can safely stop doing so.

santosh commented 2 years ago

Actually you are correct. I'm taking this PR back. Thanks for pointing out.

But when I made the change, it worked for some reason. Thanks anyways.