Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(middleware/cors): CORS handling #2938

Merged
merged 3 commits into from
Mar 28, 2024

Conversation

sixcolors
Copy link
Member

@sixcolors sixcolors commented Mar 26, 2024

Merge changes from v2 PR #2937

This pull request addresses issue #2936, fixing a bug introduced in the Fiber v2.52.3 release. The bug caused incorrect checking of non-preflight requests using preflight conditions.

Fiber CORS middleware validation sample: https://github.com/sixcolors/fiber-cors-middleware-validation-sample

Fixes #2936

Summary by CodeRabbit

  • Refactor
    • Refined logic for handling CORS requests in the cors.go middleware.
    • Added a new condition to handle preflight requests without the Access-Control-Request-Method header.
    • Removed setting fiber.HeaderAccessControlRequestMethod in cors_test.go.
    • Adjusted test case descriptions and refactored test cases for different request scenarios.
    • Updated benchmark functions in cors_test.go.

@sixcolors sixcolors requested a review from a team as a code owner March 26, 2024 18:51
@sixcolors sixcolors requested review from gaby, ReneWerner87 and efectn and removed request for a team March 26, 2024 18:51
Copy link
Contributor

coderabbitai bot commented Mar 26, 2024

Walkthrough

The update focuses on refining the CORS middleware and its test cases by adjusting the logic for handling CORS requests in cors.go and updating related test cases in cors_test.go. These changes aim to enhance the CORS functionality and improve testing accuracy within the middleware.

Changes

Files Changes
middleware/cors/cors.go In the cors.go middleware, the logic for handling CORS requests has been refined, adjusting the Origin header check and adding a condition for preflight requests without the Access-Control-Request-Method header.
middleware/cors/cors_test.go - Removed setting fiber.HeaderAccessControlRequestMethod in various test cases.
- Adjusted test case descriptions related to headers and methods.
- Refactored test cases for different request scenarios.
- Updated benchmark functions.

Assessment against linked issues

Objective Addressed Explanation
Confirm and resolve the CORS panic issue related to AllowOrigins with whitespace (#2882) It's unclear if the changes directly address the issue with whitespace in AllowOrigins configuration that caused panics.
Add support for Private Network Access CORS Header (#2804) The specific support for Access-Control-Request-Private-Network header or related functionality is not mentioned in the changes.
Ensure CORS configuration accepts origins correctly to prevent panics (#2882) Without detailed insights into how CORS configuration now handles origins, it's uncertain if this objective is fully met by the changes.

Related issues

Poem

Among the code's expanse, a rabbit's dance,
Refining CORS with a hopeful glance.
Bugs squashed, tests refined, in the moon's soft glow,
Bringing order to chaos, line by line, row by row.
🐇🌌 As the code evolves, with each commit's cheer,
The rabbit whispers, "Progress is near."

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit-tests for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit tests for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit tests.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • The JSON schema for the configuration file is available here.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

Copy link

codecov bot commented Mar 26, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.84%. Comparing base (7ba02c1) to head (83da096).

❗ Current head 83da096 differs from pull request most recent head b2014fd. Consider uploading reports for the commit b2014fd to get more accurate results

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2938      +/-   ##
==========================================
+ Coverage   82.74%   82.84%   +0.09%     
==========================================
  Files         116      116              
  Lines        8415     8417       +2     
==========================================
+ Hits         6963     6973      +10     
+ Misses       1111     1106       -5     
+ Partials      341      338       -3     
Flag Coverage Δ
unittests 82.84% <100.00%> (+0.09%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Status

Actionable comments generated: 1

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between 7ba02c1 and 83da096.
Files selected for processing (2)
  • middleware/cors/cors.go (1 hunks)
  • middleware/cors/cors_test.go (13 hunks)
Additional comments: 1
middleware/cors/cors_test.go (1)
  • 475-480: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [465-495]

The test cases have been adjusted to reflect the changes made to the CORS middleware, specifically the handling of requests without the Origin header and the processing of preflight requests with the Access-Control-Request-Method header. These adjustments are important for ensuring that the middleware behaves as expected in these scenarios.

However, it's crucial to ensure that the test coverage is comprehensive and includes scenarios that might not be immediately obvious, such as requests with malformed Origin headers or preflight requests with unusual combinations of headers.

Consider adding more test cases to cover edge cases and potential error conditions related to the changes in CORS request handling. This could include tests for malformed Origin headers, preflight requests with missing or unexpected headers, and scenarios where the request method is changed after the preflight check.

middleware/cors/cors.go Outdated Show resolved Hide resolved
@ReneWerner87 ReneWerner87 added this to the v3 milestone Mar 27, 2024
@gaby
Copy link
Member

gaby commented Mar 27, 2024

@coderabbitai review

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between 83da096 and b2014fd.
Files selected for processing (2)
  • middleware/cors/cors.go (3 hunks)
  • middleware/cors/cors_test.go (15 hunks)
Files skipped from review as they are similar to previous changes (2)
  • middleware/cors/cors.go
  • middleware/cors/cors_test.go

Copy link
Member

@gaby gaby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm

@ReneWerner87 ReneWerner87 merged commit 0248e58 into gofiber:main Mar 28, 2024
12 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

🐛 [Bug]: version v2.52.2 up to v2.52.3 , cors error
3 participants