-
Notifications
You must be signed in to change notification settings - Fork 219
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AllowOriginFunc is set, but the content of AllowedOrigins is not ignored #80
Comments
This is indeed reproducible in v1.9.0. Contrary to what the doc claims,
{
"AllowedOriginsPlusAllowOriginFunc",
Options{
AllowedOrigins: []string{"*"},
AllowOriginFunc: func(origin string) bool {
return true
},
},
"GET",
map[string]string{
"Origin": "http://foobar.com",
},
map[string]string{
"Vary": "Origin",
"Access-Control-Allow-Origin": "http://foobar.com",
},
true,
}, It fails: --- FAIL: TestSpec (0.00s)
--- FAIL: TestSpec/AllowedOriginsPlusAllowOriginFunc (0.00s)
--- FAIL: TestSpec/AllowedOriginsPlusAllowOriginFunc/Handler (0.00s)
cors_test.go:33: Response header "Access-Control-Allow-Origin" = "", want "http://foobar.com"
--- FAIL: TestSpec/AllowedOriginsPlusAllowOriginFunc/HandlerFunc (0.00s)
cors_test.go:33: Response header "Access-Control-Allow-Origin" = "", want "http://foobar.com"
--- FAIL: TestSpec/AllowedOriginsPlusAllowOriginFunc/Negroni (0.00s)
cors_test.go:33: Response header "Access-Control-Allow-Origin" = "", want "http://foobar.com" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The last sentence of the following description in the README does not seem to be strict (when
AllowCredentials:true
is set).I wrote the following code:
When I made a request to the server, my browser console reported a cross-domain error:
If I comment out
AllowedOrigins: []string{"*"}
, there will be no problem.The text was updated successfully, but these errors were encountered: