Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] cors middleware will add multiple headers when used with Party #2490

Open
Dexus opened this issue Sep 10, 2024 · 4 comments
Open

[BUG] cors middleware will add multiple headers when used with Party #2490

Dexus opened this issue Sep 10, 2024 · 4 comments
Assignees

Comments

@Dexus
Copy link

Dexus commented Sep 10, 2024

https://github.com/iris-contrib/middleware/blob/master/cors/cors_test.go

only difference is that I use a Party

...
app.UseRouter(crs)
...
v1 := app.Party("/v1").AllowMethods(iris.MethodOptions)
v1.UseRouter(crs) // same behavior for v1.Use(crs)
...
@Dexus
Copy link
Author

Dexus commented Sep 10, 2024

Additional Info:

iris.Default includes already a cors, but it is breaking the resonse:

Access-Control-Allow-Credentials: true
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *, Authorization, X-Authorization
Access-Control-Expose-Headers: *
Content-Type: application/problem+json; charset=utf-8
Referrer-Policy: no-referrer-when-downgrade
Vary: Origin
Vary: Origin
X-Request-Id: 7e7e2b70-5d70-46e3-8fe8-6a881c2b63ba
Date: Tue, 10 Sep 2024 13:35:50 GMT
Content-Length: 134
//cors

	crs := cors.New(cors.Options{
		AllowedOrigins:     []string{"*"},
		AllowedMethods:     []string{"PUT", "PATCH", "GET", "POST", "OPTIONS", "DELETE"},
		AllowedHeaders:     []string{"*"},
		ExposedHeaders:     []string{"*"},
		AllowCredentials:   true,
		MaxAge:             int((24 * time.Hour).Seconds()),
		Debug:              true,
	})

NO OPTIONS is allowed to the v1 routs:

app := iris.Default()
...
app.UseRouter(crs)
...
v1 := app.Party("/v1").AllowMethods(iris.MethodOptions)
v1.UseRouter(crs) // same behavior for v1.Use(crs)
...

same here:

app := iris.Default()
...
app.UseRouter(crs)
...
v1 := app.Party("/v1").AllowMethods(iris.MethodOptions)
...

This gives a 204 for options.

app := iris.Default()
...
v1 := app.Party("/v1").AllowMethods(iris.MethodOptions)
v1.UseRouter(crs) // same behavior for v1.Use(crs)
...

@fnsne
Copy link

fnsne commented Oct 22, 2024

@Dexus
Have you considered using iris.New() instead of iris.Default()?
I meet the same problem and found iris.Default() 's comment said it already includes an allow all cors middleware.
And iris.New() seens not contain cors middleware.

below is the iris.Default()'s comment

iris/iris.go

Lines 139 to 145 in d5e0048

// Default returns a new Application.
// Default with "debug" Logger Level.
// Localization enabled on "./locales" directory
// and HTML templates on "./views" or "./templates" directory.
// CORS (allow all), Recovery and
// Request ID middleware already registered.
func Default() *Application {

@Dexus
Copy link
Author

Dexus commented Oct 22, 2024

@fnsne problem is that even if I use iris.New() I will have this Issue, when I have Children, that use a other Cors setting, which we need.

@fnsne
Copy link

fnsne commented Oct 23, 2024

@Dexus It seems strange, and I'm unsure why it happend.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants