✨ feat(cors): Added new 'AllowOriginsFunc' function.#2394
✨ feat(cors): Added new 'AllowOriginsFunc' function.#2394ReneWerner87 merged 4 commits intogofiber:masterfrom
Conversation
|
Thanks for opening this pull request! 🎉 Please check out our contributing guidelines. If you need help or want to chat with us, join us on Discord https://gofiber.io/discord |
175254f to
164cd26
Compare
leonklingele
left a comment
There was a problem hiding this comment.
We might want to issue a warning to stderr when both config.AllowOrigins and the new config. AllowOriginsFunc are set.
|
@Jamess-Lucass can you do the suggested change ? (use the log package https://pkg.go.dev/log with "[Warning] ") |
|
https://github.com/search?q=repo%3Agofiber%2Ffiber%20log.Printf(%22%5B&type=code maybe with the middelware name in uppercase |
|
Yeah I can add a warning log when both are set. I will add that I think it's a valid scenario for both to be set, eg. app.Use(cors.New(cors.Config{
AllowCredentials: true,
AllowOrigins: "https://my-domain.com", // for production
AllowOriginsFunc: func(origin string) bool {
return os.Getenv("ENVIRONMENT") == "development" // in development allow CORS from any origin
}
}))or even cfg := cors.Config{
AllowCredentials: true,
AllowOrigins: "https://my-domain.com", // for production
}
if os.Getenv("ENVIRONMENT") == "development" {
cfg.AllowOriginsFunc = func(origin string) bool {
// some logic
},
}
app.Use(cors.New(cfg))As long as people are aware this log does not indicate there is a miss configuration on their part and they do not need to resolve anything then I am happy. |
…OriginsFunc' are set.
|
@Jamess-Lucass the idea was to allow both but to give the user the information to choose one or the other with express only one setting is possible at the same time, because it is on the same property do you think it makes sense to use both at the same time ? |
Ahh okay I see, I personally would be setting both values but if we encourage users to just set one of them the above code block example would then look like. cfg := cors.Config{
AllowCredentials: true
}
if os.Getenv("ENVIRONMENT") == "development" {
cfg.AllowOriginsFunc = func(origin string) bool {
// some logic
},
}
if os.Getenv("ENVIRONMENT") == "production" {
cfg.AllowOrigins = "https://my-domain.com", // for production
}
app.Use(cors.New(cfg))I think either approach is fine. At the moment if it finds a match for Whatever you think is best for developer experience |
|
since we are oriented to express and one would achieve both with the functionality of the function I think that the current warning message is okay what do you think @leonklingele @efectn |
|
See my comment on issue #2390. I really think you should reconsider the addition of this feature... |
|
I'm OK to the PR. But i'd recommend to add a description to avoid using this feature in production. It can be added to config and docs |
…f this function in production workloads.
See most recent commit, I updated docs with a notice about discouraging the use of this in production. Just let me know if any of the wording wants to be changed at all 👍 |
|
Congrats on merging your first pull request! 🎉 We here at Fiber are proud of you! If you need help or want to chat with us, join us on Discord https://gofiber.io/discord |
Description
Adds
AllowOriginsFuncfunction to cors config which adds the ability to dynamically chose whether to allow the origin via CORS or not.Fixes #2390
Type of change
Checklist:
Commit formatting:
Use emojis on commit messages so it provides an easy way of identifying the purpose or intention of a commit. Check out the emoji cheatsheet here: https://gitmoji.carloscuesta.me/