From 8f4968d7f92d7b08c7143d2dd21b186172b48c3d Mon Sep 17 00:00:00 2001 From: David Hontecillas Date: Fri, 5 Jul 2024 12:06:36 +0200 Subject: [PATCH 01/11] update dependencies --- go.mod | 40 ++++++++------ go.sum | 161 ++++++++++++++++++++++----------------------------------- 2 files changed, 87 insertions(+), 114 deletions(-) diff --git a/go.mod b/go.mod index 1ed35e7..959f04c 100644 --- a/go.mod +++ b/go.mod @@ -1,30 +1,38 @@ module github.com/krakendio/krakend-cors/v2 require ( - github.com/gin-gonic/gin v1.7.7 - github.com/luraproject/lura/v2 v2.0.5 - github.com/rs/cors v1.6.0 + github.com/gin-gonic/gin v1.9.1 + github.com/luraproject/lura/v2 v2.6.3 + github.com/rs/cors v1.11.0 ) require ( + github.com/bytedance/sonic v1.9.1 // indirect + github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect + github.com/gabriel-vasile/mimetype v1.4.2 // indirect github.com/gin-contrib/sse v0.1.0 // indirect - github.com/go-playground/locales v0.14.0 // indirect - github.com/go-playground/universal-translator v0.18.0 // indirect - github.com/go-playground/validator/v10 v10.9.0 // indirect - github.com/golang/protobuf v1.5.2 // indirect + github.com/go-playground/locales v0.14.1 // indirect + github.com/go-playground/universal-translator v0.18.1 // indirect + github.com/go-playground/validator/v10 v10.14.0 // indirect + github.com/goccy/go-json v0.10.2 // indirect github.com/json-iterator/go v1.1.12 // indirect + github.com/klauspost/cpuid/v2 v2.2.4 // indirect github.com/krakendio/flatmap v1.1.1 // indirect - github.com/leodido/go-urn v1.2.1 // indirect - github.com/mattn/go-isatty v0.0.14 // indirect + github.com/leodido/go-urn v1.2.4 // indirect + github.com/mattn/go-isatty v0.0.19 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/ugorji/go/codec v1.2.6 // indirect + github.com/pelletier/go-toml/v2 v2.0.8 // indirect + github.com/twitchyliquid64/golang-asm v0.15.1 // indirect + github.com/ugorji/go/codec v1.2.11 // indirect github.com/valyala/fastrand v1.1.0 // indirect - golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect - golang.org/x/sys v0.0.0-20211004093028-2c5d950f24ef // indirect - golang.org/x/text v0.3.7 // indirect - google.golang.org/protobuf v1.27.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect + golang.org/x/arch v0.3.0 // indirect + golang.org/x/crypto v0.17.0 // indirect + golang.org/x/net v0.17.0 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect + google.golang.org/protobuf v1.33.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect ) -go 1.17 +go 1.19 diff --git a/go.sum b/go.sum index e0f4558..91ed414 100644 --- a/go.sum +++ b/go.sum @@ -1,126 +1,91 @@ -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM= +github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s= +github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U= +github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY= +github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams= +github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dimfeld/httptreemux/v5 v5.3.0/go.mod h1:QeEylH57C0v3VO0tkKraVz9oD3Uu93CKPnTLbsidvSw= +github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU= +github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA= github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= -github.com/gin-gonic/gin v1.7.7 h1:3DoBmSbJbZAWqXJC3SLjAPfutPJJRN1U5pALB7EeTTs= -github.com/gin-gonic/gin v1.7.7/go.mod h1:axIBovoeJpVj8S3BwE0uPMTeReE4+AfFtqpqaZ1qq1U= -github.com/go-chi/chi/v5 v5.0.4/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= -github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A= -github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= -github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= -github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU= -github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs= -github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= -github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho= -github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= -github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= -github.com/go-playground/validator/v10 v10.9.0 h1:NgTtmN58D0m8+UuxtYmGztBJB7VnPgjj221I1QHci2A= -github.com/go-playground/validator/v10 v10.9.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg= +github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU= +github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= +github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= +github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= +github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= +github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= +github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js= +github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= +github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= +github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= -github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/krakendio/flatmap v0.0.0-20220531185225-4cb0ad6fbedd h1:WeU06zDY02PJ7wQZVZdbLrGOC9j1o6YcOnESGdohgNM= -github.com/krakendio/flatmap v0.0.0-20220531185225-4cb0ad6fbedd/go.mod h1:KBuVkiH5BcBFRa5A1HdSHDn8a8LzsyRTKZArX0vqTbo= +github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk= +github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/krakendio/flatmap v1.1.1 h1:rGBNVpBY0pMk6cLOwerVzoKY4HELnpu0xvqB231lOCQ= github.com/krakendio/flatmap v1.1.1/go.mod h1:KBuVkiH5BcBFRa5A1HdSHDn8a8LzsyRTKZArX0vqTbo= -github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= -github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w= -github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= -github.com/luraproject/lura/v2 v2.0.0-20220601150625-abb94fb9730d h1:XmVeK0wbQ/cY2yQP0uH7ztF5wzpgBLv4oFlVUFWZ0Bo= -github.com/luraproject/lura/v2 v2.0.0-20220601150625-abb94fb9730d/go.mod h1:M13cN+J+5/pXZx46zZVT9h+36kPPvcFA/Jcuk45xSZw= -github.com/luraproject/lura/v2 v2.0.5 h1:Mc4uj37s7mv6qRLy+Uo983CiaITPSVJYooeUilbiD+k= -github.com/luraproject/lura/v2 v2.0.5/go.mod h1:r2N4j89Snm1j+Y9CCa9cYR1T2ETRL0E4y9P+DgymqX4= -github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= -github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q= +github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4= +github.com/luraproject/lura/v2 v2.6.3 h1:4EQynK35ui2o/t7REh1QR+XCPCQhA/kF9h5JTQK8M0o= +github.com/luraproject/lura/v2 v2.6.3/go.mod h1:M3TOzbvde5k7f5gGX4GVw3J1UJDYWPtDjHI0KOHbYc0= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= +github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ= +github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= -github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= github.com/rs/cors v1.6.0 h1:G9tHG9lebljV9mfp9SNPDL36nCDxmo3zTlAf1YgvzmI= github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= +github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po= +github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= -github.com/ugorji/go v1.2.6 h1:tGiWC9HENWE2tqYycIqFTNorMmFRVhNwCpDOpWqnk8E= -github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0= -github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= -github.com/ugorji/go/codec v1.2.6 h1:7kbGefxLoDBuYXOms4yD7223OpNMMPNPZxXk5TvFcyQ= -github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw= -github.com/urfave/negroni/v2 v2.0.2/go.mod h1:SjdApKzYrObukpN/NnlejbQiZWIUjfDFzQltScGYigI= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= +github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI= +github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= +github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU= +github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= github.com/valyala/fastrand v1.1.0 h1:f+5HkLW4rsgzdNoleUOB69hyT9IlD2ZQh9GyDMfb5G8= github.com/valyala/fastrand v1.1.0/go.mod h1:HWqCzkrkg6QXT8V2EXWvXCoow7vLwOFN002oeRzjapQ= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211004093028-2c5d950f24ef h1:fPxZ3Umkct3LZ8gK9nbk+DWDJ9fstZa2grBn+lWVKPs= -golang.org/x/sys v0.0.0-20211004093028-2c5d950f24ef/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= +golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k= +golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= From 6c2bf7bfee31f26c87460b0fbe59c7bdb4b875e6 Mon Sep 17 00:00:00 2001 From: David Hontecillas Date: Sun, 7 Jul 2024 11:30:33 +0200 Subject: [PATCH 02/11] fix: adapt test to new behaviour of the CORS library --- cors.go | 1 - gin/cors_test.go | 47 +++++++++++++++++++++++++++++++++-------------- go.mod | 1 + go.sum | 25 +++++++++++++++++++++++++ mux/cors_test.go | 45 +++++++++++++++++++++++++++++++-------------- 5 files changed, 90 insertions(+), 29 deletions(-) diff --git a/cors.go b/cors.go index 8fecef5..7fd439b 100644 --- a/cors.go +++ b/cors.go @@ -35,7 +35,6 @@ func ConfigGetter(e config.ExtraConfig) interface{} { cfg := Config{} cfg.AllowOrigins = getList(tmp, "allow_origins") - cfg.AllowMethods = getList(tmp, "allow_methods") cfg.AllowHeaders = getList(tmp, "allow_headers") cfg.ExposeHeaders = getList(tmp, "expose_headers") diff --git a/gin/cors_test.go b/gin/cors_test.go index 286d371..29a774e 100644 --- a/gin/cors_test.go +++ b/gin/cors_test.go @@ -2,6 +2,7 @@ package gin import ( "encoding/json" + "fmt" "net/http" "net/http/httptest" "strings" @@ -20,43 +21,57 @@ func TestInvalidCfg(t *testing.T) { func TestNew(t *testing.T) { sampleCfg := map[string]interface{}{} - serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { - "allow_origins": [ "http://foobar.com" ], - "allow_methods": [ "GET" ], + serialized := []byte(`{ + "github_com/devopsfaith/krakend-cors": { + "allow_origins": ["http://foobar.com", "http://example.com"], + "allow_headers": ["origin"], + "allow_methods": ["GET"], "max_age": "2h" } }`) - json.Unmarshal(serialized, &sampleCfg) + err := json.Unmarshal(serialized, &sampleCfg) + if err != nil { + t.Errorf("cannot unmarshal sampleCfg: %s", err.Error()) + return + } e := gin.Default() corsMw := New(sampleCfg) if corsMw == nil { t.Error("The cors middleware should not be nil.\n") + return } e.Use(corsMw) e.GET("/foo", func(c *gin.Context) { c.String(200, "Yeah") }) + res := httptest.NewRecorder() + req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil) req.Header.Add("Origin", "http://foobar.com") req.Header.Add("Access-Control-Request-Method", "GET") req.Header.Add("Access-Control-Request-Headers", "origin") e.ServeHTTP(res, req) - if res.Code != 200 { - t.Errorf("Invalid status code: %d should be 200", res.Code) + fmt.Printf("METHOD -> %s\n", req.Method) + if res.Code != 200 && res.Code != 204 { + t.Errorf("Invalid status code: %d should be 200 or 204", res.Code) + return } assertHeaders(t, res.Header(), map[string]string{ "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers", "Access-Control-Allow-Origin": "http://foobar.com", "Access-Control-Allow-Methods": "GET", - "Access-Control-Allow-Headers": "Origin", + "Access-Control-Allow-Headers": "origin", "Access-Control-Max-Age": "7200", }) } func TestAllowOriginWildcard(t *testing.T) { sampleCfg := map[string]interface{}{} + // WARNING: even if we allow all origins, we still have to specify + // the allow_headers config serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { - "allow_origins": [ "*" ] + "allow_origins": [ "*" ], + "allow_headers": ["origin"] } }`) json.Unmarshal(serialized, &sampleCfg) @@ -73,7 +88,7 @@ func TestAllowOriginWildcard(t *testing.T) { req.Header.Add("Access-Control-Request-Method", "GET") req.Header.Add("Access-Control-Request-Headers", "origin") e.ServeHTTP(res, req) - if res.Code != 200 { + if res.Code != 200 && res.Code != 204 { t.Errorf("Invalid status code: %d should be 200", res.Code) } @@ -81,11 +96,15 @@ func TestAllowOriginWildcard(t *testing.T) { "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers", "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Methods": "GET", - "Access-Control-Allow-Headers": "Origin", + "Access-Control-Allow-Headers": "origin", }) } func TestAllowOriginEmpty(t *testing.T) { + // WARNING: with an empty config, the library now falls back + // to "secure" defaults, not allowing the request + // (in the mux/cors_test.go, we did the reverse, we specified + // the test to allow everything). sampleCfg := map[string]interface{}{} serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { } @@ -104,15 +123,15 @@ func TestAllowOriginEmpty(t *testing.T) { req.Header.Add("Access-Control-Request-Method", "GET") req.Header.Add("Access-Control-Request-Headers", "origin") e.ServeHTTP(res, req) - if res.Code != 200 { + if res.Code != 200 && res.Code != 204 { t.Errorf("Invalid status code: %d should be 200", res.Code) } assertHeaders(t, res.Header(), map[string]string{ "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers", - "Access-Control-Allow-Origin": "*", - "Access-Control-Allow-Methods": "GET", - "Access-Control-Allow-Headers": "Origin", + "Access-Control-Allow-Origin": "", + "Access-Control-Allow-Methods": "", + "Access-Control-Allow-Headers": "", }) } diff --git a/go.mod b/go.mod index 959f04c..f3bc382 100644 --- a/go.mod +++ b/go.mod @@ -23,6 +23,7 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/pelletier/go-toml/v2 v2.0.8 // indirect + github.com/rs/cors/wrapper/gin v0.0.0-20240515105523-1562b1715b35 // indirect github.com/twitchyliquid64/golang-asm v0.15.1 // indirect github.com/ugorji/go/codec v1.2.11 // indirect github.com/valyala/fastrand v1.1.0 // indirect diff --git a/go.sum b/go.sum index 91ed414..d79513c 100644 --- a/go.sum +++ b/go.sum @@ -11,19 +11,24 @@ github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA= github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= +github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg= github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU= github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= +github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= +github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js= github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= @@ -31,15 +36,18 @@ github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZX github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/krakendio/flatmap v1.1.1 h1:rGBNVpBY0pMk6cLOwerVzoKY4HELnpu0xvqB231lOCQ= github.com/krakendio/flatmap v1.1.1/go.mod h1:KBuVkiH5BcBFRa5A1HdSHDn8a8LzsyRTKZArX0vqTbo= +github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q= github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4= github.com/luraproject/lura/v2 v2.6.3 h1:4EQynK35ui2o/t7REh1QR+XCPCQhA/kF9h5JTQK8M0o= github.com/luraproject/lura/v2 v2.6.3/go.mod h1:M3TOzbvde5k7f5gGX4GVw3J1UJDYWPtDjHI0KOHbYc0= +github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ= @@ -48,12 +56,23 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rs/cors v1.6.0 h1:G9tHG9lebljV9mfp9SNPDL36nCDxmo3zTlAf1YgvzmI= github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= +github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik= +github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= +github.com/rs/cors v1.8.0 h1:P2KMzcFwrPoSjkF1WLRPsp3UMLyql8L4v9hQpVeK5so= +github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= +github.com/rs/cors v1.9.0 h1:l9HGsTsHJcvW14Nk7J9KFz8bzeAWXn3CG6bgt7LsrAE= +github.com/rs/cors v1.9.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= +github.com/rs/cors v1.10.0 h1:62NOS1h+r8p1mW6FM0FSB0exioXLhd/sh15KpjWBZ+8= +github.com/rs/cors v1.10.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po= github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= +github.com/rs/cors/wrapper/gin v0.0.0-20240515105523-1562b1715b35 h1:YI8KKdUmi/l2NWArtFPEY6qFM7h6+V2kYj5kz81WSHs= +github.com/rs/cors/wrapper/gin v0.0.0-20240515105523-1562b1715b35/go.mod h1:742Ialb8SOs5yB2PqRDzFcyND3280PoaS5/wcKQUQKE= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -63,6 +82,8 @@ github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gt github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI= github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= +github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= +github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU= github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= github.com/valyala/fastrand v1.1.0 h1:f+5HkLW4rsgzdNoleUOB69hyT9IlD2ZQh9GyDMfb5G8= @@ -74,6 +95,7 @@ golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= @@ -85,6 +107,9 @@ google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGm google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= +gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/mux/cors_test.go b/mux/cors_test.go index f76356f..c99c5b0 100644 --- a/mux/cors_test.go +++ b/mux/cors_test.go @@ -23,11 +23,17 @@ func TestNew(t *testing.T) { sampleCfg := map[string]interface{}{} serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { "allow_origins": [ "http://foobar.com" ], + "allow_headers": [ "origin" ], "allow_methods": [ "GET" ], "max_age": "2h" } }`) - json.Unmarshal(serialized, &sampleCfg) + err := json.Unmarshal(serialized, &sampleCfg) + if err != nil { + t.Errorf("cannot unmarshal config: %s", err.Error()) + return + + } h := New(sampleCfg) res := httptest.NewRecorder() req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil) @@ -41,7 +47,7 @@ func TestNew(t *testing.T) { "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers", "Access-Control-Allow-Origin": "http://foobar.com", "Access-Control-Allow-Methods": "GET", - "Access-Control-Allow-Headers": "Origin", + "Access-Control-Allow-Headers": "origin", "Access-Control-Max-Age": "7200", }) } @@ -56,6 +62,7 @@ func TestNewWithLogger(t *testing.T) { sampleCfg := map[string]interface{}{} serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { "allow_origins": [ "http://foobar.com" ], + "allow_headers": [ "origin" ], "allow_methods": [ "GET" ], "max_age": "2h" } @@ -65,18 +72,20 @@ func TestNewWithLogger(t *testing.T) { res := httptest.NewRecorder() req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil) req.Header.Add("Origin", "http://foobar.com") + req.Header.Add("Access-Control-Request-Method", "GET") + req.Header.Add("Access-Control-Request-Headers", "origin") handler := h.Handler(testHandler) handler.ServeHTTP(res, req) - if res.Code != 200 { + if res.Code != 200 && res.Code != 204 { t.Errorf("Invalid status code: %d should be 200", res.Code) } assertHeaders(t, res.Header(), map[string]string{ - "Vary": "", - "Access-Control-Allow-Origin": "", - "Access-Control-Allow-Methods": "", - "Access-Control-Allow-Headers": "", - "Access-Control-Max-Age": "", + "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers", + "Access-Control-Allow-Origin": "http://foobar.com", + "Access-Control-Allow-Methods": "GET", + "Access-Control-Allow-Headers": "origin", + "Access-Control-Max-Age": "7200", }) loggedMsg := buf.String() @@ -85,29 +94,37 @@ func TestNewWithLogger(t *testing.T) { } } -func TestAllowOriginEmpty(t *testing.T) { +func TestAllowWildcard(t *testing.T) { sampleCfg := map[string]interface{}{} + // WARNING: Here, empty configurations is not defaultion to allow + // all origins, and all headers, so the config should be changed to this + // config to allow everything serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { + "allow_origins": ["*"], + "allow_headers": ["*"] } }`) - json.Unmarshal(serialized, &sampleCfg) + err := json.Unmarshal(serialized, &sampleCfg) + if err != nil { + t.Errorf("cannot deserialize config: %s\n", err.Error()) + } h := New(sampleCfg) res := httptest.NewRecorder() req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil) + req.Header.Add("Origin", "http://foobar.com") req.Header.Add("Access-Control-Request-Method", "GET") req.Header.Add("Access-Control-Request-Headers", "origin") - req.Header.Add("Origin", "http://foobar.com") handler := h.Handler(testHandler) handler.ServeHTTP(res, req) - if res.Code != 200 { - t.Errorf("Invalid status code: %d should be 200", res.Code) + if res.Code != 200 && res.Code != 204 { + t.Errorf("Invalid status code: %d should be 200 or 204", res.Code) } assertHeaders(t, res.Header(), map[string]string{ "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers", "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Methods": "GET", - "Access-Control-Allow-Headers": "Origin", + "Access-Control-Allow-Headers": "origin", }) } From e2d7deb0d1a4d3566ae921e6eb2dac89962e0b4b Mon Sep 17 00:00:00 2001 From: David Hontecillas Date: Sun, 7 Jul 2024 11:34:49 +0200 Subject: [PATCH 03/11] go 1.20 is required for gin --- .github/workflows/go.yml | 2 +- go.mod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index c80ffa8..018958a 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -16,7 +16,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v2 with: - go-version: 1.17 + go-version: 1.20 - name: Test run: go test -v ./... diff --git a/go.mod b/go.mod index f3bc382..c0c6a0c 100644 --- a/go.mod +++ b/go.mod @@ -36,4 +36,4 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect ) -go 1.19 +go 1.20 From 4d5936c1ab591349f46f6f5d677f10853c153016 Mon Sep 17 00:00:00 2001 From: David Hontecillas Date: Sun, 7 Jul 2024 11:48:32 +0200 Subject: [PATCH 04/11] update setup-go action --- .github/workflows/go.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 018958a..67e46a3 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -11,10 +11,10 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: 1.20 From 585c80a40f2b335e6e6a3c188f65a67ca379735d Mon Sep 17 00:00:00 2001 From: David Hontecillas Date: Sun, 7 Jul 2024 11:55:44 +0200 Subject: [PATCH 05/11] try fix build issue --- .github/workflows/go.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 67e46a3..e6f5c9c 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -11,12 +11,12 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 with: - go-version: 1.20 + go-version: '1.20' - name: Test run: go test -v ./... From a91fb7597fa096b37a03f9afc7e2defee1d554a4 Mon Sep 17 00:00:00 2001 From: David Hontecillas Date: Sun, 7 Jul 2024 12:27:55 +0200 Subject: [PATCH 06/11] fix style issue --- cors.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cors.go b/cors.go index 7fd439b..6e47113 100644 --- a/cors.go +++ b/cors.go @@ -59,7 +59,7 @@ func ConfigGetter(e config.ExtraConfig) interface{} { } func getList(data map[string]interface{}, name string) []string { - out := []string{} + var out []string if vs, ok := data[name]; ok { if v, ok := vs.([]interface{}); ok { for _, s := range v { From 8c08cd09a82a1ec92f52998fe1dda85034d4744c Mon Sep 17 00:00:00 2001 From: David Hontecillas Date: Mon, 8 Jul 2024 08:36:32 +0200 Subject: [PATCH 07/11] make the krakend-cors config adapt the values to maintain previous behaviour --- gin/cors.go | 7 +++++++ gin/cors_test.go | 39 ++++++++++----------------------------- mux/cors.go | 8 ++++++++ mux/cors_test.go | 35 +++++++++-------------------------- 4 files changed, 34 insertions(+), 55 deletions(-) diff --git a/gin/cors.go b/gin/cors.go index 3e46781..7605a07 100644 --- a/gin/cors.go +++ b/gin/cors.go @@ -24,6 +24,13 @@ func New(e config.ExtraConfig) gin.HandlerFunc { return nil } + if len(cfg.AllowOrigins) == 0 { + cfg.AllowOrigins = []string{"*"} + } + if len(cfg.AllowHeaders) == 0 { + cfg.AllowHeaders = []string{"*"} + } + return wrapper.New(cors.Options{ AllowedOrigins: cfg.AllowOrigins, AllowedMethods: cfg.AllowMethods, diff --git a/gin/cors_test.go b/gin/cors_test.go index 29a774e..05993af 100644 --- a/gin/cors_test.go +++ b/gin/cors_test.go @@ -2,7 +2,6 @@ package gin import ( "encoding/json" - "fmt" "net/http" "net/http/httptest" "strings" @@ -21,39 +20,28 @@ func TestInvalidCfg(t *testing.T) { func TestNew(t *testing.T) { sampleCfg := map[string]interface{}{} - serialized := []byte(`{ - "github_com/devopsfaith/krakend-cors": { - "allow_origins": ["http://foobar.com", "http://example.com"], - "allow_headers": ["origin"], - "allow_methods": ["GET"], + serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { + "allow_origins": [ "http://foobar.com" ], + "allow_methods": [ "GET" ], "max_age": "2h" } }`) - err := json.Unmarshal(serialized, &sampleCfg) - if err != nil { - t.Errorf("cannot unmarshal sampleCfg: %s", err.Error()) - return - } + json.Unmarshal(serialized, &sampleCfg) e := gin.Default() corsMw := New(sampleCfg) if corsMw == nil { t.Error("The cors middleware should not be nil.\n") - return } e.Use(corsMw) e.GET("/foo", func(c *gin.Context) { c.String(200, "Yeah") }) - res := httptest.NewRecorder() - req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil) req.Header.Add("Origin", "http://foobar.com") req.Header.Add("Access-Control-Request-Method", "GET") req.Header.Add("Access-Control-Request-Headers", "origin") e.ServeHTTP(res, req) - fmt.Printf("METHOD -> %s\n", req.Method) if res.Code != 200 && res.Code != 204 { t.Errorf("Invalid status code: %d should be 200 or 204", res.Code) - return } assertHeaders(t, res.Header(), map[string]string{ @@ -67,11 +55,8 @@ func TestNew(t *testing.T) { func TestAllowOriginWildcard(t *testing.T) { sampleCfg := map[string]interface{}{} - // WARNING: even if we allow all origins, we still have to specify - // the allow_headers config serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { - "allow_origins": [ "*" ], - "allow_headers": ["origin"] + "allow_origins": [ "*" ] } }`) json.Unmarshal(serialized, &sampleCfg) @@ -89,7 +74,7 @@ func TestAllowOriginWildcard(t *testing.T) { req.Header.Add("Access-Control-Request-Headers", "origin") e.ServeHTTP(res, req) if res.Code != 200 && res.Code != 204 { - t.Errorf("Invalid status code: %d should be 200", res.Code) + t.Errorf("Invalid status code: %d should be 200 or 204", res.Code) } assertHeaders(t, res.Header(), map[string]string{ @@ -101,10 +86,6 @@ func TestAllowOriginWildcard(t *testing.T) { } func TestAllowOriginEmpty(t *testing.T) { - // WARNING: with an empty config, the library now falls back - // to "secure" defaults, not allowing the request - // (in the mux/cors_test.go, we did the reverse, we specified - // the test to allow everything). sampleCfg := map[string]interface{}{} serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { } @@ -124,14 +105,14 @@ func TestAllowOriginEmpty(t *testing.T) { req.Header.Add("Access-Control-Request-Headers", "origin") e.ServeHTTP(res, req) if res.Code != 200 && res.Code != 204 { - t.Errorf("Invalid status code: %d should be 200", res.Code) + t.Errorf("Invalid status code: %d should be 200 or 204", res.Code) } assertHeaders(t, res.Header(), map[string]string{ "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers", - "Access-Control-Allow-Origin": "", - "Access-Control-Allow-Methods": "", - "Access-Control-Allow-Headers": "", + "Access-Control-Allow-Origin": "*", + "Access-Control-Allow-Methods": "GET", + "Access-Control-Allow-Headers": "origin", }) } diff --git a/mux/cors.go b/mux/cors.go index b0f376e..aae5a4d 100644 --- a/mux/cors.go +++ b/mux/cors.go @@ -26,6 +26,14 @@ func NewWithLogger(e config.ExtraConfig, l logging.Logger) mux.HandlerMiddleware if !ok { return nil } + + if len(cfg.AllowOrigins) == 0 { + cfg.AllowOrigins = []string{"*"} + } + if len(cfg.AllowHeaders) == 0 { + cfg.AllowHeaders = []string{"*"} + } + c := cors.New(cors.Options{ AllowedOrigins: cfg.AllowOrigins, AllowedMethods: cfg.AllowMethods, diff --git a/mux/cors_test.go b/mux/cors_test.go index c99c5b0..d1a047f 100644 --- a/mux/cors_test.go +++ b/mux/cors_test.go @@ -23,17 +23,11 @@ func TestNew(t *testing.T) { sampleCfg := map[string]interface{}{} serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { "allow_origins": [ "http://foobar.com" ], - "allow_headers": [ "origin" ], "allow_methods": [ "GET" ], "max_age": "2h" } }`) - err := json.Unmarshal(serialized, &sampleCfg) - if err != nil { - t.Errorf("cannot unmarshal config: %s", err.Error()) - return - - } + json.Unmarshal(serialized, &sampleCfg) h := New(sampleCfg) res := httptest.NewRecorder() req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil) @@ -62,7 +56,6 @@ func TestNewWithLogger(t *testing.T) { sampleCfg := map[string]interface{}{} serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { "allow_origins": [ "http://foobar.com" ], - "allow_headers": [ "origin" ], "allow_methods": [ "GET" ], "max_age": "2h" } @@ -72,20 +65,18 @@ func TestNewWithLogger(t *testing.T) { res := httptest.NewRecorder() req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil) req.Header.Add("Origin", "http://foobar.com") - req.Header.Add("Access-Control-Request-Method", "GET") - req.Header.Add("Access-Control-Request-Headers", "origin") handler := h.Handler(testHandler) handler.ServeHTTP(res, req) if res.Code != 200 && res.Code != 204 { - t.Errorf("Invalid status code: %d should be 200", res.Code) + t.Errorf("Invalid status code: %d should be 200 or 204", res.Code) } assertHeaders(t, res.Header(), map[string]string{ - "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers", + "Vary": "Origin", "Access-Control-Allow-Origin": "http://foobar.com", - "Access-Control-Allow-Methods": "GET", - "Access-Control-Allow-Headers": "origin", - "Access-Control-Max-Age": "7200", + "Access-Control-Allow-Methods": "", + "Access-Control-Allow-Headers": "", + "Access-Control-Max-Age": "", }) loggedMsg := buf.String() @@ -94,26 +85,18 @@ func TestNewWithLogger(t *testing.T) { } } -func TestAllowWildcard(t *testing.T) { +func TestAllowOriginEmpty(t *testing.T) { sampleCfg := map[string]interface{}{} - // WARNING: Here, empty configurations is not defaultion to allow - // all origins, and all headers, so the config should be changed to this - // config to allow everything serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { - "allow_origins": ["*"], - "allow_headers": ["*"] } }`) - err := json.Unmarshal(serialized, &sampleCfg) - if err != nil { - t.Errorf("cannot deserialize config: %s\n", err.Error()) - } + json.Unmarshal(serialized, &sampleCfg) h := New(sampleCfg) res := httptest.NewRecorder() req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil) - req.Header.Add("Origin", "http://foobar.com") req.Header.Add("Access-Control-Request-Method", "GET") req.Header.Add("Access-Control-Request-Headers", "origin") + req.Header.Add("Origin", "http://foobar.com") handler := h.Handler(testHandler) handler.ServeHTTP(res, req) if res.Code != 200 && res.Code != 204 { From 263ee527c88a399656c040659af0898636e52ca3 Mon Sep 17 00:00:00 2001 From: Daniel Ortiz Date: Wed, 10 Jul 2024 12:46:49 +0000 Subject: [PATCH 08/11] Add new configuration options from the rs/cors update. - options_success_status: allows to define the options success status code. - options_passthrough: Instructs preflight to let other potential next handlers to process the OPTIONS method. Turn this on if your application handles OPTIONS. - allow_private_network: Indicates whether to accept cross-origin requests over a private network. Signed-off-by: Daniel Ortiz --- cors.go | 33 ++++++++++++++++++++++++++------- gin/cors.go | 21 +++++++++++++++------ mux/cors.go | 21 +++++++++++++++------ mux/cors_test.go | 28 ++++++++++++++++++++++++++++ 4 files changed, 84 insertions(+), 19 deletions(-) diff --git a/cors.go b/cors.go index 6e47113..bfc009e 100644 --- a/cors.go +++ b/cors.go @@ -11,13 +11,16 @@ const Namespace = "github_com/devopsfaith/krakend-cors" // Config holds the configuration of CORS type Config struct { - AllowOrigins []string - AllowMethods []string - AllowHeaders []string - ExposeHeaders []string - AllowCredentials bool - MaxAge time.Duration - Debug bool + AllowOrigins []string + AllowMethods []string + AllowHeaders []string + ExposeHeaders []string + AllowCredentials bool + AllowPrivateNetwork bool + OptionsPassthrough bool + OptionsSuccessStatus int + MaxAge time.Duration + Debug bool } // ConfigGetter implements the config.ConfigGetter interface. It parses the extra config an allowed @@ -50,6 +53,22 @@ func ConfigGetter(e config.ExtraConfig) interface{} { cfg.Debug = ok && v } + if allowPrivateNetwork, ok := tmp["allow_private_network"]; ok { + v, ok := allowPrivateNetwork.(bool) + cfg.AllowPrivateNetwork = ok && v + } + + if optionsPassthrough, ok := tmp["options_passthrough"]; ok { + v, ok := optionsPassthrough.(bool) + cfg.OptionsPassthrough = ok && v + } + + if optionsSuccessStatus, ok := tmp["options_success_status"]; ok { + if v, ok := optionsSuccessStatus.(float64); ok { + cfg.OptionsSuccessStatus = int(v) + } + } + if maxAge, ok := tmp["max_age"]; ok { if d, err := time.ParseDuration(maxAge.(string)); err == nil { cfg.MaxAge = d diff --git a/gin/cors.go b/gin/cors.go index 7605a07..f2ec741 100644 --- a/gin/cors.go +++ b/gin/cors.go @@ -30,14 +30,23 @@ func New(e config.ExtraConfig) gin.HandlerFunc { if len(cfg.AllowHeaders) == 0 { cfg.AllowHeaders = []string{"*"} } + // Maintain the old default value to not change behaviour + // the rs/cors new default is to return a 204 + if cfg.OptionsSuccessStatus == 0 { + cfg.OptionsSuccessStatus = 200 + } return wrapper.New(cors.Options{ - AllowedOrigins: cfg.AllowOrigins, - AllowedMethods: cfg.AllowMethods, - AllowedHeaders: cfg.AllowHeaders, - ExposedHeaders: cfg.ExposeHeaders, - AllowCredentials: cfg.AllowCredentials, - MaxAge: int(cfg.MaxAge.Seconds()), + AllowedOrigins: cfg.AllowOrigins, + AllowedMethods: cfg.AllowMethods, + AllowedHeaders: cfg.AllowHeaders, + ExposedHeaders: cfg.ExposeHeaders, + AllowCredentials: cfg.AllowCredentials, + AllowPrivateNetwork: cfg.AllowPrivateNetwork, + OptionsPassthrough: cfg.OptionsPassthrough, + OptionsSuccessStatus: cfg.OptionsSuccessStatus, + MaxAge: int(cfg.MaxAge.Seconds()), + Debug: cfg.Debug, }) } diff --git a/mux/cors.go b/mux/cors.go index aae5a4d..ba4a4bf 100644 --- a/mux/cors.go +++ b/mux/cors.go @@ -33,14 +33,23 @@ func NewWithLogger(e config.ExtraConfig, l logging.Logger) mux.HandlerMiddleware if len(cfg.AllowHeaders) == 0 { cfg.AllowHeaders = []string{"*"} } + // Maintain the old default value to not change behaviour + // the rs/cors new default is to return a 204 + if cfg.OptionsSuccessStatus == 0 { + cfg.OptionsSuccessStatus = 200 + } c := cors.New(cors.Options{ - AllowedOrigins: cfg.AllowOrigins, - AllowedMethods: cfg.AllowMethods, - AllowedHeaders: cfg.AllowHeaders, - ExposedHeaders: cfg.ExposeHeaders, - AllowCredentials: cfg.AllowCredentials, - MaxAge: int(cfg.MaxAge.Seconds()), + AllowedOrigins: cfg.AllowOrigins, + AllowedMethods: cfg.AllowMethods, + AllowedHeaders: cfg.AllowHeaders, + ExposedHeaders: cfg.ExposeHeaders, + AllowCredentials: cfg.AllowCredentials, + AllowPrivateNetwork: cfg.AllowPrivateNetwork, + OptionsPassthrough: cfg.OptionsPassthrough, + OptionsSuccessStatus: cfg.OptionsSuccessStatus, + Debug: cfg.Debug, + MaxAge: int(cfg.MaxAge.Seconds()), }) if l == nil || !cfg.Debug { return c diff --git a/mux/cors_test.go b/mux/cors_test.go index d1a047f..f5bd82a 100644 --- a/mux/cors_test.go +++ b/mux/cors_test.go @@ -23,6 +23,7 @@ func TestNew(t *testing.T) { sampleCfg := map[string]interface{}{} serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { "allow_origins": [ "http://foobar.com" ], + "allow_headers": [ "Origin" ], "allow_methods": [ "GET" ], "max_age": "2h" } @@ -111,6 +112,33 @@ func TestAllowOriginEmpty(t *testing.T) { }) } +func TestOptionsSuccess(t *testing.T) { + sampleCfg := map[string]interface{}{} + serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { + "options_success_status": 205 + } + }`) + json.Unmarshal(serialized, &sampleCfg) + h := New(sampleCfg) + res := httptest.NewRecorder() + req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil) + req.Header.Add("Access-Control-Request-Method", "GET") + req.Header.Add("Access-Control-Request-Headers", "origin") + req.Header.Add("Origin", "http://foobar.com") + handler := h.Handler(testHandler) + handler.ServeHTTP(res, req) + if res.Code != 205 { + t.Errorf("Invalid status code: %d should be 205", res.Code) + } + + assertHeaders(t, res.Header(), map[string]string{ + "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers", + "Access-Control-Allow-Origin": "*", + "Access-Control-Allow-Methods": "GET", + "Access-Control-Allow-Headers": "origin", + }) +} + var allHeaders = []string{ "Vary", "Access-Control-Allow-Origin", From a97d30bcbb9a1571391b247b14e631f3a41940a6 Mon Sep 17 00:00:00 2001 From: Daniel Ortiz Date: Thu, 11 Jul 2024 22:02:54 +0000 Subject: [PATCH 09/11] Add unit tests for the new configuration options. Signed-off-by: Daniel Ortiz --- mux/cors_test.go | 60 ++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 56 insertions(+), 4 deletions(-) diff --git a/mux/cors_test.go b/mux/cors_test.go index f5bd82a..cf28089 100644 --- a/mux/cors_test.go +++ b/mux/cors_test.go @@ -68,8 +68,8 @@ func TestNewWithLogger(t *testing.T) { req.Header.Add("Origin", "http://foobar.com") handler := h.Handler(testHandler) handler.ServeHTTP(res, req) - if res.Code != 200 && res.Code != 204 { - t.Errorf("Invalid status code: %d should be 200 or 204", res.Code) + if res.Code != 200 { + t.Errorf("Invalid status code: %d should be 200", res.Code) } assertHeaders(t, res.Header(), map[string]string{ @@ -100,8 +100,8 @@ func TestAllowOriginEmpty(t *testing.T) { req.Header.Add("Origin", "http://foobar.com") handler := h.Handler(testHandler) handler.ServeHTTP(res, req) - if res.Code != 200 && res.Code != 204 { - t.Errorf("Invalid status code: %d should be 200 or 204", res.Code) + if res.Code != 200 { + t.Errorf("Invalid status code: %d should be 200", res.Code) } assertHeaders(t, res.Header(), map[string]string{ @@ -139,6 +139,58 @@ func TestOptionsSuccess(t *testing.T) { }) } +func TestAllowPrivateNetwork(t *testing.T) { + sampleCfg := map[string]interface{}{} + serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { + "allow_private_network": true + } + }`) + json.Unmarshal(serialized, &sampleCfg) + h := New(sampleCfg) + res := httptest.NewRecorder() + req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil) + req.Header.Add("Access-Control-Request-Method", "GET") + req.Header.Add("Access-Control-Request-Private-Network", "true") + req.Header.Add("Origin", "http://foobar.com") + handler := h.Handler(testHandler) + handler.ServeHTTP(res, req) + if res.Code != 200 { + t.Errorf("Invalid status code: %d should be 200", res.Code) + } + + assertHeaders(t, res.Header(), map[string]string{ + "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network", + "Access-Control-Allow-Origin": "*", + "Access-Control-Allow-Methods": "GET", + "Access-Control-Allow-Private-Network": "true", + }) +} + +func TestOptionPasstrough(t *testing.T) { + sampleCfg := map[string]interface{}{} + serialized := []byte(`{ "github_com/devopsfaith/krakend-cors": { + "options_passthrough": true + } + }`) + json.Unmarshal(serialized, &sampleCfg) + h := New(sampleCfg) + res := httptest.NewRecorder() + req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil) + req.Header.Add("Access-Control-Request-Method", "GET") + req.Header.Add("Origin", "http://foobar.com") + handler := h.Handler(testHandler) + handler.ServeHTTP(res, req) + if res.Code != 200 { + t.Errorf("Invalid status code: %d should be 200", res.Code) + } + + assertHeaders(t, res.Header(), map[string]string{ + "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers", + "Access-Control-Allow-Origin": "*", + "Access-Control-Allow-Methods": "GET", + }) +} + var allHeaders = []string{ "Vary", "Access-Control-Allow-Origin", From 8150939fd3c21d0c10fbbcd2ac4afd6a5c5cd56a Mon Sep 17 00:00:00 2001 From: Daniel Ortiz Date: Thu, 11 Jul 2024 22:07:51 +0000 Subject: [PATCH 10/11] Run the gin unittests in test mode. Signed-off-by: Daniel Ortiz --- gin/cors_test.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/gin/cors_test.go b/gin/cors_test.go index 05993af..45250a9 100644 --- a/gin/cors_test.go +++ b/gin/cors_test.go @@ -27,7 +27,8 @@ func TestNew(t *testing.T) { } }`) json.Unmarshal(serialized, &sampleCfg) - e := gin.Default() + gin.SetMode(gin.TestMode) + e := gin.New() corsMw := New(sampleCfg) if corsMw == nil { t.Error("The cors middleware should not be nil.\n") @@ -60,7 +61,8 @@ func TestAllowOriginWildcard(t *testing.T) { } }`) json.Unmarshal(serialized, &sampleCfg) - e := gin.Default() + gin.SetMode(gin.TestMode) + e := gin.New() corsMw := New(sampleCfg) if corsMw == nil { t.Error("The cors middleware should not be nil.\n") @@ -91,7 +93,8 @@ func TestAllowOriginEmpty(t *testing.T) { } }`) json.Unmarshal(serialized, &sampleCfg) - e := gin.Default() + gin.SetMode(gin.TestMode) + e := gin.New() corsMw := New(sampleCfg) if corsMw == nil { t.Error("The cors middleware should not be nil.\n") From 85562b7c0fd769520d8a2d041a6774fdf8030c53 Mon Sep 17 00:00:00 2001 From: Daniel Ortiz Date: Thu, 11 Jul 2024 22:15:14 +0000 Subject: [PATCH 11/11] Check that only our default is the response status code. Signed-off-by: Daniel Ortiz --- gin/cors_test.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/gin/cors_test.go b/gin/cors_test.go index 45250a9..0937f0c 100644 --- a/gin/cors_test.go +++ b/gin/cors_test.go @@ -41,8 +41,8 @@ func TestNew(t *testing.T) { req.Header.Add("Access-Control-Request-Method", "GET") req.Header.Add("Access-Control-Request-Headers", "origin") e.ServeHTTP(res, req) - if res.Code != 200 && res.Code != 204 { - t.Errorf("Invalid status code: %d should be 200 or 204", res.Code) + if res.Code != 200 { + t.Errorf("Invalid status code: %d should be 200", res.Code) } assertHeaders(t, res.Header(), map[string]string{ @@ -75,8 +75,8 @@ func TestAllowOriginWildcard(t *testing.T) { req.Header.Add("Access-Control-Request-Method", "GET") req.Header.Add("Access-Control-Request-Headers", "origin") e.ServeHTTP(res, req) - if res.Code != 200 && res.Code != 204 { - t.Errorf("Invalid status code: %d should be 200 or 204", res.Code) + if res.Code != 200 { + t.Errorf("Invalid status code: %d should be 200", res.Code) } assertHeaders(t, res.Header(), map[string]string{ @@ -107,8 +107,8 @@ func TestAllowOriginEmpty(t *testing.T) { req.Header.Add("Access-Control-Request-Method", "GET") req.Header.Add("Access-Control-Request-Headers", "origin") e.ServeHTTP(res, req) - if res.Code != 200 && res.Code != 204 { - t.Errorf("Invalid status code: %d should be 200 or 204", res.Code) + if res.Code != 200 { + t.Errorf("Invalid status code: %d should be 200", res.Code) } assertHeaders(t, res.Header(), map[string]string{