Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix cors * behavior #2338 #2339

Merged

Conversation

ryand67
Copy link
Contributor

@ryand67 ryand67 commented Feb 20, 2023

Description

This change will replace the HeaderAccessControlAllowOrigin response header with * rather than reflecting the Origin of the requestor, preventing user exposure to cross origin attacks as mentioned in the issue.

Fixes # 2338

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Checklist:

  • For new functionalities I follow the inspiration of the express js framework and built them similar in usage
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation - https://github.com/gofiber/docs for https://docs.gofiber.io/
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • If new dependencies exist, I have checked that they are really necessary and agreed with the maintainers/community (we want to have as few dependencies as possible)
  • I tried to make my code as fast as possible with as few allocations as possible

Commit formatting:

Use emojis on commit messages so it provides an easy way of identifying the purpose or intention of a commit. Check out the emoji cheatsheet here: https://gitmoji.carloscuesta.me/

@welcome
Copy link

welcome bot commented Feb 20, 2023

Thanks for opening this pull request! 🎉 Please check out our contributing guidelines. If you need help or want to chat with us, join us on Discord https://gofiber.io/discord

@ryand67 ryand67 force-pushed the feature/cors-wildcard-bypass-2338 branch from 3476e2f to d40ad2b Compare February 20, 2023 21:21
@ReneWerner87 ReneWerner87 linked an issue Feb 20, 2023 that may be closed by this pull request
3 tasks
@ReneWerner87 ReneWerner87 merged commit b634ba0 into gofiber:master Feb 20, 2023
@welcome
Copy link

welcome bot commented Feb 20, 2023

Congrats on merging your first pull request! 🎉 We here at Fiber are proud of you! If you need help or want to chat with us, join us on Discord https://gofiber.io/discord

@ReneWerner87 ReneWerner87 mentioned this pull request Mar 28, 2023
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

🚀 [Feature]: stop dangerously bypassing the wildcard exception (CORS)
2 participants