📝 [Proposal]: Add Support for the Private Network Access CORS Header Access-Control-Request-Private-Network #2804
Description
Feature Proposal Description
Add CORS Middleware Support for the Private Network Access CORS Header Access-Control-Request-Private-Network to avoid additional preflight/timeout time cost.
Alignment with Express API
Express.js's CORS middleware has not been updated yet.
HTTP RFC Standards Compliance
- Private Network Access: introducing preflights
- Private Network Access (W3C Draft Report) (Previously known as CORS-RFC1918)
API Stability
It seems that Chrome 104 has already shipped this header.
Feature Examples
app.Use(cors.New(cors.Config{
AllowPrivateNetworkAccess: true,
// other already existing fields omitted...
}))Example Request
OPTIONS /path HTTP/1.1
Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Private-Network: true
Origin: https://example.com
Sec-Fetch-Mode: corsExpected Response for the Example Request
HTTP/1.1 204 No Content
Access-Control-Allow-Private-Network: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,HEAD,PUT,DELETE,PATCHChecklist:
- I agree to follow Fiber's Code of Conduct.
- I have searched for existing issues that describe my proposal before opening this one.
- I understand that a proposal that does not meet these guidelines may be closed without explanation.
Metadata
Metadata
Assignees
Type
Projects
Status