Skip to content

Commit

Permalink
lowercase origin before checking cors
Browse files Browse the repository at this point in the history
  • Loading branch information
@emicklei
emicklei committed Jun 4, 2022
1 parent 363acea commit 9e49191
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 2 deletions.
5 changes: 3 additions & 2 deletions cors_filter.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,16 +132,17 @@ func (c CrossOriginResourceSharing) isOriginAllowed(origin string) bool {
if len(origin) == 0 {
return false
}
lowerOrigin := strings.ToLower(origin)
if len(c.AllowedDomains) == 0 {
if c.AllowedDomainFunc != nil {
return c.AllowedDomainFunc(origin)
return c.AllowedDomainFunc(lowerOrigin)
}
return true
}

// exact match on each allowed domain
for _, domain := range c.AllowedDomains {
if domain == ".*" || domain == origin {
if domain == ".*" || strings.ToLower(domain) == lowerOrigin {
return true
}
}
Expand Down
3 changes: 3 additions & 0 deletions cors_filter_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,9 @@ func TestCORSFilter_AllowedDomainFunc(t *testing.T) {
if got, want := cors.isOriginAllowed("here"), true; got != want {
t.Errorf("got [%v:%T] want [%v:%T]", got, got, want, want)
}
if got, want := cors.isOriginAllowed("HERE"), true; got != want {
t.Errorf("got [%v:%T] want [%v:%T]", got, got, want, want)
}
if got, want := cors.isOriginAllowed("there"), true; got != want {
t.Errorf("got [%v:%T] want [%v:%T]", got, got, want, want)
}
Expand Down

0 comments on commit 9e49191

Please sign in to comment.