Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pass r *http.Request to AllowOriginFunc #59

Closed
aeneasr opened this issue Aug 26, 2018 · 1 comment · Fixed by #60
Closed

Pass r *http.Request to AllowOriginFunc #59

aeneasr opened this issue Aug 26, 2018 · 1 comment · Fixed by #60

Comments

@aeneasr
Copy link
Contributor

aeneasr commented Aug 26, 2018

It's currently not possible to set CORS based on e.g. HTTP Authorization. This is because signature AllowOriginFunc func(origin string) bool does no have r *http.Request. This makes advanced use cases impossible and the function for anything else than maybe wildcard-based subdomain matching. There's actually a fork that does that (https://github.com/go-chi/cors) but this should really be added here.
aeneasr pushed a commit to aeneasr/cors that referenced this issue Aug 26, 2018
Introduce cors.Config.AllowOriginRequestFunc
8b3884c 
This patch introduces cors.Config.AllowOriginRequestFunc ( `func (r *http.Request origin string) bool`) which is a custom function to validate the origin. It takes the HTTP Request object and the origin as argument and returns true if allowed or false otherwise. If this option is set, the content of `AllowedOrigins` and `AllowOriginFunc` is ignored

Closes rs#59

Signed-off-by: arekkas <[email protected]>
@aeneasr aeneasr mentioned this issue Aug 26, 2018
Merged
aeneasr pushed a commit to aeneasr/cors that referenced this issue Aug 26, 2018
Introduce cors.Config.AllowOriginRequestFunc
c734f7a 
This patch introduces cors.Config.AllowOriginRequestFunc ( `func (r *http.Request origin string) bool`) which is a custom function to validate the origin. It takes the HTTP Request object and the origin as argument and returns true if allowed or false otherwise. If this option is set, the content of `AllowedOrigins` and `AllowOriginFunc` is ignored

Closes rs#59

Signed-off-by: arekkas <[email protected]>
This was referenced Aug 26, 2018
Merged
Merged
aeneasr added a commit to aeneasr/cors that referenced this issue Aug 26, 2018
@aeneasr
Introduce cors.Config.AllowOriginRequestFunc (#1)
1bbd41d 
This patch introduces cors.Config.AllowOriginRequestFunc ( `func (r *http.Request origin string) bool`) which is a custom function to validate the origin. It takes the HTTP Request object and the origin as argument and returns true if allowed or false otherwise. If this option is set, the content of `AllowedOrigins` and `AllowOriginFunc` is ignored

Closes rs#59

Signed-off-by: arekkas <[email protected]>
@aeneasr aeneasr mentioned this issue Aug 26, 2018
Closed
2 tasks
rs pushed a commit that referenced this issue Aug 26, 2018
@aeneasr @rs
Introduce cors.Config.AllowOriginRequestFunc (#60)
dc7332a 
This patch introduces cors.Config.AllowOriginRequestFunc ( `func (r *http.Request origin string) bool`) which is a custom function to validate the origin. It takes the HTTP Request object and the origin as argument and returns true if allowed or false otherwise. If this option is set, the content of `AllowedOrigins` and `AllowOriginFunc` is ignored

Closes #59

Signed-off-by: arekkas <[email protected]>
@VojtechVitek VojtechVitek mentioned this issue Sep 19, 2022
Open
@jub0bs
Copy link
Contributor

jub0bs commented May 6, 2024

Note to readers of this issue: because AllowOriginRequestFunc is fundamentally flawed, it was deprecated in v1.11.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Introduce cors.Config.AllowOriginRequestFunc aeneasr/cors
2 participants
@aeneasr @jub0bs