jub0bs

@go-english What problem? If the request doesn't contain any `Origin` header, it doesn't participate in the CORS protocol and you cannot expect it to contain CORS response headers (though it...

@go-english I'm not sure I understand the issue. Can you post one or more `curl` commands that trigger the behaviour you observe and also explain what behaviour you expect?

@go-english I think you misunderstand the purpose of CORS. Contrary to popular belief, CORS is no substitute for server-side authorisation. Rather, CORS is a protocol that lets servers instruct browsers...

@mtarkar You seem to be under the impression that configuring your server for CORS will block requests. This belief is incorrect; CORS is no defence. Please (re-)read my previous comment.

The problem with such a feature is that it promotes poor separation of concerns: you would then have to worry about routes both at the router level and in the...

I'm coming here from Stack Overflow, where someone [has just reported](https://stackoverflow.com/questions/77144910/golang-deadlock-occurs-maybe-at-compiler-time) what seems like a very similar compiler bug. I haven't had time to investigate/reduce the problem, but compilation (with...

Same issue here.

Relevant: https://jub0bs.com/posts/2023-02-08-fearless-cors/#6-treat-cors-as-a-compilation-target

Promising! I'll try that. Not that the test in question is prohibitively slow (far from it), but if more things can be checked at compile time, I'm all for it.

The README says > An origin may contain a wildcard (`*`) to replace 0 or more characters (i.e.: `http://*.domain.com`). - Pattern `https://*.domain1.com` matches any origin ending in `.domain1.com`. - Pattern...