Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce cors.Config.AllowOriginRequestFunc #60

Merged
merged 1 commit into from Aug 26, 2018
Merged

Introduce cors.Config.AllowOriginRequestFunc #60

merged 1 commit into from Aug 26, 2018

Conversation

aeneasr
Copy link
Contributor

@aeneasr aeneasr commented Aug 26, 2018

This patch introduces cors.Config.AllowOriginRequestFunc ( func (r *http.Request origin string) bool) which is a custom function to validate the origin. It takes the HTTP Request object and the origin as argument and returns true if allowed or false otherwise. If this option is set, the content of AllowedOrigins and AllowOriginFunc is ignored

Closes #59

Introduce cors.Config.AllowOriginRequestFunc
c734f7a 
This patch introduces cors.Config.AllowOriginRequestFunc ( `func (r *http.Request origin string) bool`) which is a custom function to validate the origin. It takes the HTTP Request object and the origin as argument and returns true if allowed or false otherwise. If this option is set, the content of `AllowedOrigins` and `AllowOriginFunc` is ignored

Closes rs#59

Signed-off-by: arekkas <aeneas@ory.am>
This was referenced Aug 26, 2018
Merged
Closed
@rs rs merged commit dc7332a into rs:master Aug 26, 2018
@aeneasr
Copy link
Contributor Author

aeneasr commented Aug 26, 2018

THanks!

@jub0bs
Copy link
Contributor

jub0bs commented Sep 19, 2022
edited

I perceive AllowOriginRequestFunc as a misfeature, because it opens the door to cache poisoning: users have indeed no way of listing the names of whatever request headers they use in AllowOriginRequestFunc to the Vary header.

@jub0bs jub0bs mentioned this pull request Aug 17, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Pass r *http.Request to AllowOriginFunc
3 participants
@aeneasr @jub0bs @rs