search

gin-contrib / cors

Official CORS gin's middleware
https://gin-gonic.github.io/gin/
MIT License
1.77k stars 181 forks source link

Fixed issue with missing allow-origin-header when AllowCredentials #18

Closed daku closed 7 years ago

daku commented 7 years ago

Fixed issue with missing allow-origin-header when AllowCredentials is true.

codecov-io commented 7 years ago

Codecov Report

Merging #18 into master will not change coverage. The diff coverage is 100%.

@@          Coverage Diff           @@
##           master     #18   +/-   ##
======================================
  Coverage    90.9%   90.9%           
======================================
  Files           3       3           
  Lines         121     121           
======================================
  Hits          110     110           
  Misses         11      11
Impacted Files Coverage Δ
config.go 97.56% <100%> (ø) :white_check_mark:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update bec00ec...e0fc9a9. Read the comment docs.

daku commented 7 years ago

When allowAllOrigins is false and allowCredentails true, the cors library is not adding the Access-Control-Allow-Origin header.

Fixed to the best of my knowledge: if allowAllOrigins is false then add the Access-Control-Allow-Origin header with a specific origin (of current request). When allowAllOrigins is true, the library already places a '*' as the value of the allow-origin header and so no change was needed in this case.

appleboy commented 7 years ago

Already fixed https://github.com/gin-contrib/cors/blob/master/config.go#L51-L53

appleboy commented 7 years ago

ref: https://github.com/gin-contrib/cors/pull/16