CORS: reject requests with 401 for non-preflight request with not matching origin header (#2732)
aldas authored Jan 7, 2025
1 parent 45524e3 commit ee3e129
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion middleware/cors.go
Expand Up @@ -262,7 +262,7 @@ func CORSWithConfig(config CORSConfig) echo.MiddlewareFunc {
// Origin not allowed
if allowOrigin == "" {
if !preflight {
return next(c)
return echo.ErrUnauthorized
}
return c.NoContent(http.StatusNoContent)
}
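Review bot: In the `!preflight` branch, `return echo.ErrUnauthorized` answers a disallowed origin with 401, the status for missing or failed authentication; rejecting an origin that is not on the allow list is an access decision, so 403 Forbidden would describe it more accurately. Whichever status is kept, this turns a pass-through into a hard failure: any caller that sends an `Origin` header not covered by the allow list used to reach `next(c)` and now gets an error, so the new behaviour should be stated in the `CORSConfig` documentation and the release notes. The `// Origin not allowed` comment could also say why non-preflight requests are rejected here instead of being left to the browser's CORS enforcement. The visible lines do not show how a request with no `Origin` header at all is handled; please confirm it never reaches this branch.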
2 changes: 1 addition & 1 deletion middleware/cors_test.go
Expand Up @@ -525,7 +525,7 @@ func TestCorsHeaders(t *testing.T) {
allowedOrigin: "http://example.com",
method: http.MethodGet,
expected: false,
expectStatus: http.StatusOK,
expectStatus: http.StatusUnauthorized,
},
{
name: "non-preflight request, allow specific origin, matching origin header = CORS logic done",
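Review bot: The updated case only swaps `expectStatus` to `http.StatusUnauthorized`, which checks the response code but not the effect that matters for security, namely that the wrapped handler is no longer invoked for a non-matching origin. Consider adding an assertion that the handler was not called for this case, and a second non-preflight case using a state-changing method such as `http.MethodPost`, since `method: http.MethodGet` is the only method shown here. If the name of the modified case still describes the old pass-through outcome, it should be updated to match.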