-
Notifications
You must be signed in to change notification settings - Fork 186
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow All Origin header not added in the response #132
Comments
Please post a minimal reproducible example. |
Almost same here r := gin.Default()
cfig := cors.DefaultConfig()
cfig.AllowAllOrigins = true
cfig.AddAllowHeaders("authorization")
r.Use(cors.New(cfig)) In my case, but I POSTed to
which lead to a 307 redirect and no CORS being sent. |
Does your request contain an origin header? The cors middleware exits early when there is no origin on the request. |
@idc77 Please post a minimal reproducible example, including server and client code. Otherwise, it's all speculations. |
I'm curious about that early bailout. When you have a mix of CORS ( https://github.com/rs/cors seems to take the path of always setting |
@jjhuff You cannot guarantee that only requests participating in the CORS protocol will hit the resource of interest. Therefore, the CORS middleware must cater for non-CORS requests also, by letting them pass through (hence the "early bailout"). As for cache effectiveness, if at least two discrete origins are allowed in your CORS configuration, the cache middleware needs to specify
Neither rs/cors (as you pointed out) nor gin-contrib/cors implement the special case as described by the quote above, but other CORS-middleware libraries do, specifically for better cache effectiveness. |
@jjhuff But you're right that systematically including |
@jub0bs I ended switching to fcors for that reason :) Working great! |
I am trying to use this for my gin service.
r := gin.Default()
r.Use(cors.Default())
//routing here
r.run(3000)
but my response do not have any header allowing all origins
The text was updated successfully, but these errors were encountered: