CORS middleware is not working properly and documentation is wrong

[flamedmg]

Description

I used configuration as described here: https://echo.labstack.com/middleware/cors and got error message in browser console:
The 'Access-Control-Allow-Origin' header contains multiple values 'http://labstack.com,https://labstack.net', but only one is allowed. Origin 'http://labstack.com' is therefore not allowed access.

e := echo.New()
e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
  AllowOrigins: []string{"https://labstack.com", "https://labstack.net"},
  AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept},
}))

As stackoverflow says us: http://stackoverflow.com/questions/1653308/access-control-allow-origin-multiple-origin-domains?rq=1 - behavior of this middleware is not correct and it should return just one origin and only if it's correct.

Here is sample code i used:

package main

import (
	"net/http"

	"github.com/labstack/echo"
	"github.com/labstack/echo/middleware"
	"fmt"
	b64 "encoding/base64"
	"github.com/parnurzeal/gorequest"
)

func main() {
	e := echo.New()

	e.Use(middleware.RecoverWithConfig(middleware.RecoverConfig{
		StackSize:  1 << 10, // 1 KB
	}))

	e.Use(middleware.CORS())

	e.POST("/go/:type", func(c echo.Context) error {
			return  c.String(http.StatusOK, "Accepted.")
	})
	e.Logger.Fatal(e.Start(":8080"))
}

Please advise

[flamedmg]

Code to reproduce an issue:

[rou-bai]

感激

[sakibcoolz]

below code i have given ip in AllowOrigins but still, api accepts other ip request like '10.0.2.105' i think
so u have show perfect document for that
func CorsPolicy() middleware.CORSConfig { mid := middleware.CORSConfig{ AllowOrigins: []string{"10.0.2.102"}, AllowMethods: []string{http.MethodGet, http.MethodHead, http.MethodPut, http.MethodPatch, http.MethodPost, http.MethodDelete}, AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept}, } return mid }

[huypvw]

Anyone resolve it? @@