fix(middleware/cors): Categorize requests correctly #2921

Merged
merged 7 commits into from
Mar 20, 2024

Conversation

sixcolors
Member

@sixcolors sixcolors commented Mar 17, 2024

PR Comment:

Summary:

This PR refines the CORS middleware handling, particularly addressing scenarios where the request lacks specific headers necessary for CORS processing. It also enhances testing coverage for various request types and configurations.

Changes Made:

  • Middleware Logic Adjustment:
    • Improved handling for requests lacking the Origin and Access-Control-Request-Method headers, clearly defining them as outside the CORS scope.
    • Simplified response header setting for simple requests, optimizing performance.
    • Enhanced handling for requests with AllowCredentials set to true, ensuring proper behavior regarding the Access-Control-Allow-Origin header.
  • Test Coverage Expansion:
    • Added tests covering scenarios of requests without necessary CORS headers, ensuring correct handling.
    • Extended test scenarios for various request types and configurations, bolstering overall testing coverage.

Notes for Review:

  • Logic Clarity: The logic around determining the CORS scope has been refined for better clarity and performance. Please review to ensure it aligns with our CORS handling requirements.
  • Testing: Additional tests have been added to cover a wide range of request scenarios. Kindly review to ensure comprehensive coverage and correctness.
  • Performance Impact: The adjustments made aim to optimize performance, particularly in simplifying response header setting. However, please assess if there are any unintended performance impacts.
  • Error Handling: As we're refining middleware handling, it's crucial to ensure error handling remains robust. Please verify error paths and edge cases are adequately addressed.

Fixes #2920

Summary by CodeRabbit

  • Documentation
    • Improved grammar in contribution guidelines.
    • Updated pull request template and URLs.
    • Enhanced middleware documentation for better clarity and usage instructions.
    • Updated API documentation with corrections and new logging tags.
    • Added a new healthcheck middleware guide.
    • Corrected typo related to route constraints in the routing guide.
  • New Features
    • Introduced configurations for version tagging and commit filtering in release drafter.
    • Added handling for release events in documentation synchronization.
    • Implemented enhanced CORS functionality, including dynamic origin evaluation and improved security checks.
    • Introduced health check middleware for monitoring application liveness and readiness.
  • Bug Fixes
    • Corrected default behavior of QueryBool function to return false for invalid inputs.
    • Fixed redirection logic to include query strings in the redirected URL.
  • Refactor
    • Updated GitHub Actions workflows to trigger on v2 branch and upgraded actions versions.
    • Changed ContextKey types from string to interface{} across various middleware configurations for increased flexibility.
    • Updated logging middleware to include new tags and conditional color formatting.
  • Tests
    • Enhanced test coverage for parsing functionalities and middleware behavior, including CORS normalization and redirection with query parameters.

@sixcolors sixcolors requested a review from a team as a code owner March 17, 2024 15:35
@sixcolors sixcolors requested review from gaby, ReneWerner87 and efectn and removed request for a team March 17, 2024 15:35
Contributor

coderabbitai bot commented Mar 17, 2024


Commits Files that changed from the base of the PR and between b5b6c9f and 38ab39b.

Walkthrough

The recent changes encompass a range of enhancements across middleware, workflows, and documentation in the project. Noteworthy updates include refining CORS middleware functionality, adjusting workflow triggers to target the v2 branch specifically, and enhancing middleware configuration flexibility. Additionally, improvements in unit testing and documentation aim to align with the latest features and coding standards, enhancing project efficiency, security, and usability.

Changes

| Files | Change Summary |
|---|---|
| .github/... | Updated workflow triggers to v2; upgraded actions; introduced new configurations for release drafting. |
| app.go, ctx.go, ctx_test.go | Updated version constant; modified default behavior of QueryBool; added new test functions. |
| docs/api/..., docs/guide/... | Corrected documentation; updated types and logging; introduced new middleware functionalities. |
| middleware/..., middleware/.../config.go, middleware/.../cors.go | Enhanced CORS handling; updated middleware configurations for flexibility; improved redirection and logging. |

Assessment against linked issues

Objective Addressed Explanation
Identify and rectify misclassification of OPTIONS requests by CORS middleware. [#2920]
Ensure OPTIONS requests without specific headers are not treated as preflight requests. [#2920]
Allow OPTIONS requests to hit user-registered endpoints like /hello. [#2920]
Update behavior for /hello to respond correctly to OPTIONS requests with 204 No Content. [#2920] Specific response details not explicitly outlined.
Verify compliance with Fetch standard for categorizing OPTIONS requests. [#2920] Alignment with standard not explicitly mentioned.


@sixcolors
Member Author

@jub0bs please reply and I'll add you for review.

@sixcolors sixcolors changed the base branch from main to v2 March 17, 2024 15:36
@sixcolors sixcolors added the v2 label Mar 17, 2024
@sixcolors sixcolors added this to the Next Release milestone Mar 17, 2024
@sixcolors
Member Author

@coderabbitai I changed the target branch to v2, re-do your review and summary.

Contributor

coderabbitai bot commented Mar 17, 2024

@sixcolors, based on the changes made in the PR against the v2 branch, here's a summary of the modifications:

Summary of Changes

  • CORS Middleware (cors.go): Adjustments have been made to ensure that not all OPTIONS requests are treated as preflight requests. Now, a request must have both Origin and Access-Control-Request-Method headers to be considered a preflight request. This aligns with the Fetch standard and the PR objectives. Additionally, for simple requests (non-preflight), the Allow-Methods and Allow-Headers are omitted, as they are only relevant for preflight requests.
  • CORS Middleware Tests (cors_test.go): New tests have been added to validate the behavior of CORS middleware under various conditions, including with and without the Origin and Access-Control-Request-Method headers. These tests ensure that the middleware behaves correctly for both preflight and simple requests, adhering to the updated logic.

Key Observations

  • The changes specifically address the incorrect classification of OPTIONS requests as preflight requests by requiring both Origin and Access-Control-Request-Method headers for such classification.
  • The CORS middleware now correctly allows OPTIONS requests without the Access-Control-Request-Method header to pass through, enabling them to reach user-registered endpoints.
  • The addition of tests ensures that the new behavior is thoroughly verified against various request scenarios.

These changes align with the PR objectives to correct the misclassification of OPTIONS requests and enhance the project's adherence to standards and overall functionality.

Analysis chain
Scripts executed

The following scripts were executed for the analysis:


Script:

#!/bin/bash
# Switch to the v2 branch to analyze the changes made in the PR.
git checkout v2
# List the files changed in the PR to focus the review on those files.
git diff --name-only HEAD..origin/PR-2921
# Specifically, review changes related to CORS middleware, documentation, and tests.
git diff HEAD..origin/PR-2921 -- middleware/cors/*
git diff HEAD..origin/PR-2921 -- README.md
git diff HEAD..origin/PR-2921 -- **/*_test.go

Length of output: 929



Script:

#!/bin/bash
# Fetch the changes from PR 2921 into a local branch for comparison.
git fetch origin pull/2921/head:pr-2921-changes
# Checkout the v2 branch.
git checkout v2
# Compare the v2 branch with the changes from PR 2921.
git diff --name-only v2 pr-2921-changes
# Assuming middleware/cors and tests are relevant, attempt to review changes in those areas.
git diff v2 pr-2921-changes -- middleware/cors/
git diff v2 pr-2921-changes -- README.md
git diff v2 pr-2921-changes -- **/*_test.go

Length of output: 13558
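
The classification rule summarized in the comment above, as an added example that is not part of this PR or of Fiber's code: a request is a preflight only when it is OPTIONS and carries both Origin and Access-Control-Request-Method. It uses Go's net/http instead of Fiber; the `Classify`, `CORS` and `Probe` names, the `https://app.example` origin and the allowed methods and headers are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Kind is the category a request falls into for CORS purposes.
type Kind string

const (
	NonCORS   Kind = "non-cors"  // no Origin header: outside the CORS scope
	Preflight Kind = "preflight" // OPTIONS + Origin + Access-Control-Request-Method
	Actual    Kind = "actual"    // any other request that carries Origin
)

// Classify applies the rule from this PR: OPTIONS alone is not a preflight.
func Classify(r *http.Request) Kind {
	if r.Header.Get("Origin") == "" {
		return NonCORS
	}
	if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
		return Preflight
	}
	return Actual
}

// CORS is a hypothetical single-origin middleware, not Fiber's implementation.
func CORS(allowOrigin string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		kind := Classify(r)
		if kind == NonCORS {
			next.ServeHTTP(w, r) // no CORS headers; the route decides
			return
		}
		allowed := r.Header.Get("Origin") == allowOrigin
		if allowed {
			w.Header().Set("Access-Control-Allow-Origin", allowOrigin)
		}
		if kind == Preflight {
			// Allow-Methods and Allow-Headers belong on preflight responses only.
			if allowed {
				w.Header().Set("Access-Control-Allow-Methods", "GET, POST")
				w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
			}
			w.WriteHeader(http.StatusNoContent) // answered here; route not called
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Probe sends one constructed request to /hello through the middleware and
// reports its category, whether the route handler ran, and the response headers.
func Probe(method, origin, acrm string) (Kind, bool, http.Header) {
	reached := false
	hello := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		reached = true
		w.WriteHeader(http.StatusNoContent)
	})
	req := httptest.NewRequest(method, "/hello", nil)
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	if acrm != "" {
		req.Header.Set("Access-Control-Request-Method", acrm)
	}
	rec := httptest.NewRecorder()
	CORS("https://app.example", hello).ServeHTTP(rec, req)
	return Classify(req), reached, rec.Header()
}

func main() {
	// Constructed requests: plain OPTIONS, Origin only, real preflight, simple GET.
	for _, c := range [][3]string{
		{"OPTIONS", "", ""},
		{"OPTIONS", "https://app.example", ""},
		{"OPTIONS", "https://app.example", "POST"},
		{"GET", "https://app.example", ""},
	} {
		kind, reached, h := Probe(c[0], c[1], c[2])
		fmt.Println(c[0], kind, "route reached:", reached, "allow-methods:", h.Get("Access-Control-Allow-Methods"))
	}
}
```
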

@gaby gaby changed the title fix(middleware/cors): corscategorise requests correctly fix(middleware/cors): Categorise requests correctly Mar 17, 2024
Contributor

@coderabbitai coderabbitai bot left a comment

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between b9430ec and de3f4ab.
Files selected for processing (1)
  • middleware/cors/cors_test.go (18 hunks)
Files skipped from review as they are similar to previous changes (1)
  • middleware/cors/cors_test.go

Contributor

@coderabbitai coderabbitai bot left a comment

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between de3f4ab and b5b6c9f.
Files selected for processing (1)
  • middleware/cors/utils_test.go (3 hunks)
Files skipped from review as they are similar to previous changes (1)
  • middleware/cors/utils_test.go

@gaby gaby changed the title fix(middleware/cors): Categorise requests correctly fix(middleware/cors): Categorize requests correctly Mar 18, 2024
@gaby
Member

gaby commented Mar 18, 2024

Will review today

Member

@gaby gaby left a comment

LGTM

@ReneWerner87 ReneWerner87 merged commit 1607d87 into v2 Mar 20, 2024
19 of 20 checks passed
@sixcolors sixcolors deleted the 2920-corscategorise-requests-correctly branch March 27, 2024 01:17
ReneWerner87 added a commit that referenced this pull request Mar 28, 2024
* Update pull_request_template.md

* Update v3-changes.md

* Update CONTRIBUTING.md (#2752)

Grammar correction.

* chore(encryptcookie)!: update default config (#2753)

* chore(encryptcookie)!: update default config

docs(encryptcookie): enhance documentation and examples

BREAKING CHANGE: removed the hardcoded "csrf_" from the Except.

* docs(encryptcookie): reads or modifies cookies

* chore(encryptcookie): csrf config example

* docs(encryptcookie): md table spacing

* build(deps): bump actions/setup-go from 4 to 5 (#2754)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* 🩹 middleware/logger/: log client IP address by default (#2755)

* middleware/logger: Log client IP address by default.

* Update doc.

* fix: don't constrain middlewares' context-keys to strings 🐛 (#2751)

* Revert "Revert ":bug: requestid.Config.ContextKey is interface{} (#2369)" (#2742)"

This reverts commit 28be17f.

* fix: request ContextKey default value condition

Should check for `nil` since it is `any`.

* fix: don't constrain middlewares' context-keys to strings

`context` recommends using "unexported type" as context keys to avoid
collisions https://pkg.go.dev/github.com/gofiber/fiber/v2#Ctx.Locals.

The official go blog also recommends this https://go.dev/blog/context.

`fiber.Ctx.Locals(key any, value any)` correctly allows consumers to
use unexported types or e.g. strings.

But some fiber middlewares constrain their context-keys to `string` in
their "default config structs", making it impossible to use unexported
types.

This PR removes the `string` _constraint_ from all middlewares, allowing
to now use unexported types as per the official guidelines. However
the default value is still a string, so it's not a breaking change, and
anyone still using strings as context keys is not affected.

* 📚 Update app.md for indentation (#2761)

Update app.md for indentation

* build(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2762)

Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](google/uuid@v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github/codeql-action from 2 to 3 (#2763)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Changing default log output (#2730)

changing default log output

Closes #2729

* Update hooks.md

fix wrong hooks signature

* 🩹 Fix: CORS middleware should use the defined AllowedOriginsFunc config when AllowedOrigins is empty (#2771)

* 🐛 [Bug]: Adaptator + otelfiber issue #2641 (#2772)

* 🩹🚨 - fix for redirect with query params (#2748)

* redirect with query params did not work, fix it and add test for it

* redirect middleware - fix test typo

* ♻️ logger/middleware colorize logger error message #2593 (#2773)

* ✨ feat: add liveness and readiness checks (#2509)

* ✨ feat: add liveness and readiness checkers

* 📝 docs: add docs for liveness and readiness

* ✨ feat: add options method for probe checkers

* ✅ tests: add tests for liveness and readiness

* ♻️ refactor: change default endpoint values

* ♻️ refactor: change default value for liveness endpoint

* 📝 docs: add return status for liveness and readiness probes

* ♻️ refactor: change probechecker to middleware

* 📝 docs: move docs to middleware session

* ♻️ refactor: apply gofumpt formatting

* ♻️ refactor: remove unused parameter

* split config and apply a review

* apply reviews and add testcases

* add benchmark

* cleanup

* rename middleware

* fix linter

* Update docs and config values

* Revert change to IsReady

* Updates based on code review

* Update docs to match other middlewares

---------

Co-authored-by: Muhammed Efe Cetin <[email protected]>
Co-authored-by: Juan Calderon-Perez <[email protected]>
Co-authored-by: Juan Calderon-Perez <[email protected]>

* prepare release v2.52.0
- add more Parser tests

* fix healthcheck.md

* configure workflows for V2 branch

* configure workflows for V2 branch

* Fix default value to false in docs of QueryBool (#2811)

fix default value to false in docs of QueryBool

* update queryParser config

* Update ctx.md

* Update routing.md

* 📚 Doc: Fix code snippet indentation in /docs/api/middleware/keyauth.md

Removes an extra level of indentation in line 51 of
`keyauth.md` [here](https://github.com/gofiber/fiber/blob/v2/docs/api/middleware/keyauth.md?plain=1#L51)

* fix: healthcheck middleware not working with route group (#2863)

* fix: healthcheck middleware not working with route group

* perf: change verification method to improve perf

* Update healthcheck_test.go

* test: add not matching route test for strict routing

* add more test cases

* correct tests

* correct test helpers

* correct tests

* correct tests

---------

Co-authored-by: Juan Calderon-Perez <[email protected]>
Co-authored-by: René Werner <[email protected]>

* Merge pull request from GHSA-fmg4-x8pw-hjhg

* Enforce Wildcard Origins with AllowCredentials check

* Expand unit-tests, fix issues with subdomains logic, update docs

* Update cors.md

* Added test using localhost, ipv4, and ipv6 address

* improve documentation markdown

---------

Co-authored-by: René Werner <[email protected]>

* Update app.go

prepare release v2.52.1

* fix cors domain normalize

* fix sync-docs workflow

* fix sync-docs workflow

* fix(middleware/cors): Validation of multiple Origins (#2883)

* fix: allow origins check

Refactor CORS origin validation and normalization to trim leading or trailing whitespace in the cfg.AllowOrigins string [list]. URLs with whitespace inside the URL are invalid, so the normalizeOrigin will return false because url.Parse will fail, and the middleware will panic.

fixes #2882

* test: AllowOrigins with whitespace

* test(middleware/cors): add benchmarks

* chore: fix linter errors

* test(middleware/cors): use h() instead of app.Test()

* test(middleware/cors): add multiple origins in Test_CORS_AllowOriginScheme

* chore: refactor validate and normalize

* test(cors/middleware): add more benchmarks

* prepare release v2.52.2

* refactor(docs): deactivate docs sync for v2

* refactor(docs): deactivate docs sync for v2

* fix(middleware/cors): Handling and wildcard subdomain matching (#2915)

* fix: allow origins check

Refactor CORS origin validation and normalization to trim leading or trailing whitespace in the cfg.AllowOrigins string [list]. URLs with whitespace inside the URL are invalid, so the normalizeOrigin will return false because url.Parse will fail, and the middleware will panic.

fixes #2882

* test: AllowOrigins with whitespace

* test(middleware/cors): add benchmarks

* chore: fix linter errors

* test(middleware/cors): use h() instead of app.Test()

* test(middleware/cors): add multiple origins in Test_CORS_AllowOriginScheme

* chore: refactor validate and normalize

* test(cors/middleware): add more benchmarks

* fix(middleware/cors): handling and wildcard subdomain matching

docs(middleware/cors): add How it works and Security Considerations

* chore: grammar

* Apply suggestions from code review

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* chore: fix misspelling

* test(middleware/cors): combine Invalid_Origins tests

* refactor(middleware/cors): headers handling

* docs(middleware/cors): Update AllowOrigins description

* chore: merge

* perf(middleware/cors): optimize handler

* perf(middleware/cors): optimize handler

* chore(middleware/cors): update origin handling logic

* chore(middleware/cors): fix header capitalization

* docs(middleware/cors): improve security notes

* docs(middleware/cors): Improve security notes

* docs(middleware/cors): improve CORS overview

* docs(middleware/cors): fix ordering of how it works

* docs(middleware/cors): add additional info to How to works

* docs(middleware/cors): rm space

* docs(middleware/cors): add validation for AllowOrigins origins to overview

* docs(middleware/cors): update ExposeHeaders and MaxAge descriptions

* docs(middleware/cors): Add dynamic origin validation example

* docs(middleware/cors): Improve security notes and fix header capitalization

* docs(middleware/cors): configuration examples

* docs(middleware/cors): `"*"`

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix(middleware/cors): Categorize requests correctly (#2921)

* fix(middleware/cors): categorise requests correctly

* test(middleware/cors): improve test coverage for request types

* test(middleware/cors): Add subdomain matching tests

* test(middleware/cors): parallel tests for CORS headers based on request type

* test(middleware/cors): Add benchmark for CORS subdomain matching

* test(middleware/cors): cover additional test cases

* refactor(middleware/cors): origin validation and normalization

* test(middleware/csrf): Fix Benchmark Tests (#2932)

* test(middleware/csrf): fix Benchmark_Middleware_CSRF_*

* fix(middleware/csrf): update refererMatchesHost()

* Prepare release v2.52.3

* fix(middleware/cors): CORS handling (#2937)

* fix(middleware/cors): CORS handling

* fix(middleware/cors): Vary header handling

* test(middleware/cors): Ensure Vary Headers checked

* fix(middleware/cors): Vary header handling non-cors OPTIONS requests (#2939)

* fix(middleware/cors): Vary header handling non-cors OPTIONS requests

* chore(middleware/cors): Add Vary header for non-CORS OPTIONS requests comment

* prepare release v2.52.4

* merge v2 in main(v3)

* merge v2 in main(v3)

* merge v2 in main(v3)

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: tokelo-12 <[email protected]>
Co-authored-by: Jason McNeil <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: iRedMail <[email protected]>
Co-authored-by: Benjamin Grosse <[email protected]>
Co-authored-by: Mehmet Firat KOMURCU <[email protected]>
Co-authored-by: Bruno <[email protected]>
Co-authored-by: Muhammad Kholid B <[email protected]>
Co-authored-by: gilwo <[email protected]>
Co-authored-by: Lucas Lemos <[email protected]>
Co-authored-by: Muhammed Efe Cetin <[email protected]>
Co-authored-by: Juan Calderon-Perez <[email protected]>
Co-authored-by: Juan Calderon-Perez <[email protected]>
Co-authored-by: Jongmin Kim <[email protected]>
Co-authored-by: Giovanni Rivera <[email protected]>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
fsandel pushed a commit to stackitcloud/stackit-cert-manager-webhook that referenced this pull request Apr 4, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber) | require | patch | `v2.52.2` -> `v2.52.4` |

---

### Release Notes

<details>
<summary>gofiber/fiber (github.com/gofiber/fiber/v2)</summary>

### [`v2.52.4`](https://github.com/gofiber/fiber/releases/tag/v2.52.4)

[Compare Source](gofiber/fiber@v2.52.3...v2.52.4)

### 🐛 Fixes

-   Middleware/cors: CORS handling by [@sixcolors](https://github.com/sixcolors) in gofiber/fiber#2937
-   Middleware/cors: Vary header handling non-cors OPTIONS requests by [@sixcolors](https://github.com/sixcolors) in gofiber/fiber#2939

**Full Changelog**: gofiber/fiber@v2.52.3...v2.52.4

### [`v2.52.3`](https://github.com/gofiber/fiber/releases/tag/v2.52.3)

[Compare Source](gofiber/fiber@v2.52.2...v2.52.3)

#### 🐛 Fixes

-   Middleware/cors: Handling and wildcard subdomain matching by [@sixcolors](https://github.com/sixcolors) in gofiber/fiber#2915
-   Middleware/cors: Categorize requests correctly by [@sixcolors](https://github.com/sixcolors) in gofiber/fiber#2921
-   Middleware/csrf: Fix Benchmark Tests by [@sixcolors](https://github.com/sixcolors) in gofiber/fiber#2932

**Full Changelog**: gofiber/fiber@v2.52.2...v2.52.3

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or rename PR to start with "rebase!".

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
Development

Successfully merging this pull request may close these issues.

🐛 [Bug]: CORS middleware misclassifies all OPTIONS requests as preflight requests
3 participants