Skip to content

🐛 [BUG]: CORS panic with AcceptOrigins with whitespace #2882

New issue
New issue
Closed
#2883
Closed
🐛 [BUG]: CORS panic with AcceptOrigins with whitespace#2882
#2883
Assignees
sixcolors
Labels
☢️ Bug
@sixcolors

Description

@sixcolors
sixcolors
opened on Feb 26, 2024

This looks like a bug to me.

will confirm shortly.

Originally posted by @sixcolors in #2881 (review)

Example code:

package main

import (
	"github.com/gofiber/fiber/v2"
	"github.com/gofiber/fiber/v2/middleware/cors"
)

func main() {
	app := fiber.New()

	app.Use(cors.New(
		cors.Config{
			AllowOrigins: "http://first-url.com, http://second-url.com",
			AllowHeaders: "Origin, Content-Type, Accept",
		},
	))

	app.Get("/", func(c *fiber.Ctx) error {
		return c.SendString("Hello, World 👋!")
	})

	app.Listen(":3000")
}

/*
To test the CORS policy, add the following lines to /etc/hosts:

127.0.0.1 first-url.com
127.0.0.1 second-url.com

then you can use the following curl command:

curl -H "Origin: http://first-url.com" \
     -H "Access-Control-Request-Method: GET" \
     -H "Access-Control-Request-Headers: Origin, Content-Type, Accept" \
     -X OPTIONS --verbose \
     http://localhost:3000
*/

output:

2024/02/26 14:53:41.612331 cors.go:125: [Warn] [CORS] Invalid origin format in configuration:  http://second-url.com
panic: [CORS] Invalid origin provided in configuration

Metadata

Metadata

Assignees

Labels

☢️ Bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions