Optimize allow-headers check by removing duplicate values

Open TC-AVNP opened this issue 3 years ago • 2 comments

Prevents having an Allowed list with repeated values to iterate over.

Example: When configuring "Origin" as an Allowed header, the list would be comprised of: []string{"Origin","Origin"}, leading to an unnecessary additional loop.

TC-AVNP, Oct 24 '22 18:10

I believe this will fix problems when there may be proxied requests, which can cause an HTTP response with multiple headers, which Chrome rejects with:

Access to XMLHttpRequest at 'http://localhost:...' from origin '...' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.

This can be worked around in the application code by stripping headers, but it seems to me that this middleware should replace headers itself, rather than adding to them.

evanj, Apr 10 '23 15:04

Oops, sorry, I misunderstood this PR. Never mind!

evanj, Apr 10 '23 16:04

@rs Now that https://github.com/rs/cors/pull/171 has been merged, you can close this PR.

jub0bs, Apr 24 '24 12:04
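
The de-duplication described in the PR description at the top of this thread, sketched as an added example (not code from rs/cors or from any participant here). The function names buildAllowedHeaders and headersAllowed are hypothetical, and the sketch assumes "Origin" is always appended to the configured list, as the []string{"Origin","Origin"} example implies.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// buildAllowedHeaders is a hypothetical helper (not rs/cors code). It
// canonicalizes the configured names, always includes "Origin", and drops
// repeats so that each name is stored and compared only once.
func buildAllowedHeaders(configured []string) []string {
	seen := make(map[string]struct{}, len(configured)+1)
	out := make([]string, 0, len(configured)+1)
	for _, h := range append(append([]string{}, configured...), "Origin") {
		key := http.CanonicalHeaderKey(strings.TrimSpace(h))
		if _, dup := seen[key]; dup || key == "" {
			continue // skip empty names and names already recorded
		}
		seen[key] = struct{}{}
		out = append(out, key)
	}
	return out
}

// headersAllowed reports whether every name in a preflight request's
// Access-Control-Request-Headers value appears in the allowed list.
func headersAllowed(allowed []string, requested string) bool {
	set := make(map[string]struct{}, len(allowed))
	for _, h := range allowed {
		set[h] = struct{}{}
	}
	for _, h := range strings.Split(requested, ",") {
		key := http.CanonicalHeaderKey(strings.TrimSpace(h))
		if _, ok := set[key]; !ok && key != "" {
			return false // a requested header is not in the allow list
		}
	}
	return true
}

func main() {
	// Constructed sample configuration: "Origin" given twice in different case.
	allowed := buildAllowedHeaders([]string{"Origin", "origin", "X-Requested-With"})
	fmt.Println(allowed, headersAllowed(allowed, "x-requested-with, origin"),
		headersAllowed(allowed, "authorization"))
}
```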