gf When the origin in the header is an empty string, it should be rejected

When the origin in the header is an empty string, it should be rejected

Open danvinhe opened this issue 2 years ago • 1 comments

https://github.com/gogf/gf/blob/5144cc0e082da90980f49b05197b69f546188de7/net/ghttp/ghttp_response_cors.go#L118 False should be returned here

Apr 18 '22 09:04 danvinhe

The CORSAllowedOrigin method just checks if the Origin is valid, and if so, sets the parameter to the header's Access-Control-Allow-Origin parameter.

There are three syntaxes for Access-Control-Allow-Origin

Access-Control-Allow-Origin: * Access-Control-Allow-Origin: origin-param Access-Control-Allow-Origin: null

Access-Control-Allow-Origin

So it is correct to return TRUE for empty string

Apr 18 '22 10:04 DGuang21

gf gf copied to clipboard

When the origin in the header is an empty string, it should be rejected

gf
gf copied to clipboard