Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Users currently cannot allow methods that are not uppercase #121

Open
jub0bs opened this issue Sep 2, 2023 · 1 comment
Open

Users currently cannot allow methods that are not uppercase #121

jub0bs opened this issue Sep 2, 2023 · 1 comment

Comments

@jub0bs
Copy link

jub0bs commented Sep 2, 2023
edited
Loading

The Fetch standard states that methods are, in general, case-sensitive. For instance, PATCH is distinct from patch.

However, Gin's CORS middleware currently uppercases the allowed methods before writing the result in the Access-Control-Allow-Methods. Therefore, Gin's CORS middleware prevents its users from allowing methods that are not already uppercase.

Accordingly, two currently passing test cases, TestGeneratePreflightHeaders_AllowMethods and TestPassesAllowOrigins, should actually fail, because their assertions on w.Header().Get("Access-Control-Allow-Methods") are incorrect.

FWIW, this undue case-normalisation can be deplored in other CORS middleware libraries and it tends to trip users up. Gin should fixed this.
@jub0bs
Copy link
Author

jub0bs commented Feb 27, 2024

Related: rs/cors#158

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jub0bs