You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Problem: CORSConfig (in the cors middleware) allows a function (AllowOriginFunc) to be used to determine if a given origin is allowed. However, that function is limited as it only includes a single parameter: the path. In my particular situation, I'm building an authentication service that needs to use a certain parameter in the request's path parameters (c.Param("something")) to determine which URLs are allowed for CORS purposes. This is impossible with the AllowOriginFunc not having the context in the function signature.
Solution:
Add echo.Context to the AllowOriginFunc signature.
To all echo.POST/GET/etc functions, add a new flag i.e. useSamePathParamsForOptions which auto generates an options route with the same path. Currently there's a bug or potential "by design" issue where path params are not evaluated unless there's a matching route, so you have to manually add an echo.OPTIONS(...) call for each route to generate the route for CORS purposes if you want to access path variables.
If the maintainers like this solution, I'll add a PR - I've already implemented it in my own repo and have tests for it, so it's very easy for me to add it to the echo project as well.
Maybe something that can/should go in echo v5, let me know.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Problem:
CORSConfig(in the cors middleware) allows a function (AllowOriginFunc) to be used to determine if a given origin is allowed. However, that function is limited as it only includes a single parameter: the path. In my particular situation, I'm building an authentication service that needs to use a certain parameter in the request's path parameters(c.Param("something"))to determine which URLs are allowed for CORS purposes. This is impossible with the AllowOriginFunc not having the context in the function signature.Solution:
echo.Contextto theAllowOriginFuncsignature.useSamePathParamsForOptionswhich auto generates an options route with the same path. Currently there's a bug or potential "by design" issue where path params are not evaluated unless there's a matching route, so you have to manually add anecho.OPTIONS(...)call for each route to generate the route for CORS purposes if you want to access path variables.If the maintainers like this solution, I'll add a PR - I've already implemented it in my own repo and have tests for it, so it's very easy for me to add it to the echo project as well.
Maybe something that can/should go in echo v5, let me know.
Beta Was this translation helpful? Give feedback.
All reactions