Alanxtl commented on code in PR #3090: URL: https://github.com/apache/dubbo-go/pull/3090#discussion_r2610348537
########## protocol/triple/triple_protocol/cors.go: ########## @@ -0,0 +1,470 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package triple_protocol + +import ( + "net" + "net/http" + "net/url" + "sort" + "strconv" + "strings" +) + +import ( + "github.com/dubbogo/gost/log/logger" +) + +// originPattern represents a pre-compiled origin matching pattern. +type originPattern struct { + scheme string // empty means any scheme + host string // hostname without port + port string // port (canonical for URL patterns, raw for hostname-only patterns) + isWildcard bool // true for "*" + isSubdomain bool // true for "*.example.com" + raw string // original string for exact match +} + +// CorsConfig is a CORS configuration struct for handler options. +type CorsConfig struct { + AllowOrigins []string + AllowMethods []string + AllowHeaders []string + ExposeHeaders []string + AllowCredentials bool + MaxAge int +} + +// corsPolicy is an internal CORS policy that contains compiled patterns and runtime state. +type corsPolicy struct { + CorsConfig // embed public config to avoid duplication + hasWildcard bool + compiledPatterns []originPattern // pre-compiled patterns for fast matching + // Pre-computed header values to avoid repeated strings.Join calls + prebuiltAllowMethods string + prebuiltAllowHeaders string + prebuiltExposeHeaders string +} + +const ( + defaultPreflightMaxAge = 86400 // 24 hours in seconds + wildcardOrigin = "*" + defaultHTTPPort = "80" + defaultHTTPSPort = "443" +) + +const ( + corsOrigin = "Origin" + corsVary = "Vary" + corsAllowOrigin = "Access-Control-Allow-Origin" + corsAllowMethods = "Access-Control-Allow-Methods" + corsAllowHeaders = "Access-Control-Allow-Headers" + corsExposeHeaders = "Access-Control-Expose-Headers" + corsAllowCredentials = "Access-Control-Allow-Credentials" + corsMaxAge = "Access-Control-Max-Age" + corsRequestMethod = "Access-Control-Request-Method" + corsRequestHeaders = "Access-Control-Request-Headers" +) + +var defaultCorsMethods = []string{http.MethodGet, http.MethodPost, http.MethodPut, http.MethodDelete} + +// buildCorsPolicy processes the corsPolicy with handlers and returns a fully configured corsPolicy. +func buildCorsPolicy(cfg *corsPolicy, handlers []protocolHandler) *corsPolicy { + if cfg == nil { + return nil + } + if len(cfg.AllowOrigins) == 0 { + return nil + } + + hasWildcard := cfg.checkHasWildcard() + built := &corsPolicy{ + CorsConfig: CorsConfig{ + AllowOrigins: append([]string(nil), cfg.AllowOrigins...), + AllowMethods: append([]string(nil), cfg.AllowMethods...), + AllowHeaders: append([]string(nil), cfg.AllowHeaders...), + ExposeHeaders: append([]string(nil), cfg.ExposeHeaders...), + AllowCredentials: cfg.AllowCredentials, + MaxAge: cfg.MaxAge, + }, + hasWildcard: hasWildcard, + } + + // Warn if wildcard "*" is used with other origins and credentials are disabled + if hasWildcard && !cfg.AllowCredentials && len(cfg.AllowOrigins) > 1 { + logger.Warnf("[TRIPLE] CORS: wildcard \"*\" in allowOrigins will override all other origins when allowCredentials=false. Other origins will be ignored.") + } + + built.AllowMethods = built.normalizeMethods(handlers) + built.compiledPatterns = built.compilePatterns() + + built.prebuiltAllowMethods = strings.Join(built.AllowMethods, ", ") + built.prebuiltAllowHeaders = strings.Join(built.AllowHeaders, ", ") + built.prebuiltExposeHeaders = strings.Join(built.ExposeHeaders, ", ") + + // maxAge < 0: invalid, use default value + // maxAge == 0: disable caching (don't send header) + // maxAge > 0: use configured value + if built.MaxAge < 0 { + built.MaxAge = defaultPreflightMaxAge + } + + return built +} + +// checkHasWildcard checks if the global wildcard "*" is present in allowOrigins. +// Note: only checks for "*", not subdomain wildcards like "*.example.com". +func (c *corsPolicy) checkHasWildcard() bool { + if c == nil { + return false + } + for _, origin := range c.AllowOrigins { + if origin == wildcardOrigin { + return true + } + } + return false +} + +// normalizeMethods normalizes and deduplicates CORS methods. +func (c *corsPolicy) normalizeMethods(handlers []protocolHandler) []string { + methodSet := c.collectMethods(handlers) + methodSet[http.MethodOptions] = struct{}{} // Always include OPTIONS for preflight + + methods := make([]string, 0, len(methodSet)) + for m := range methodSet { + methods = append(methods, m) + } + sort.Strings(methods) + return methods +} + +// collectMethods collects methods from config, handlers, or defaults (in that priority). +func (c *corsPolicy) collectMethods(handlers []protocolHandler) map[string]struct{} { + methodSet := make(map[string]struct{}) + + // Priority: explicit configuration + if len(c.AllowMethods) > 0 { + for _, m := range c.AllowMethods { + if m != "" { + methodSet[strings.ToUpper(m)] = struct{}{} + } + } + return methodSet + } Review Comment: what will happen if `c.AllowMethods` has illegal str(not a METHOD str)? ########## protocol/triple/triple_protocol/cors.go: ########## @@ -0,0 +1,470 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package triple_protocol + +import ( + "net" + "net/http" + "net/url" + "sort" + "strconv" + "strings" +) + +import ( + "github.com/dubbogo/gost/log/logger" +) + +// originPattern represents a pre-compiled origin matching pattern. +type originPattern struct { + scheme string // empty means any scheme + host string // hostname without port + port string // port (canonical for URL patterns, raw for hostname-only patterns) + isWildcard bool // true for "*" + isSubdomain bool // true for "*.example.com" + raw string // original string for exact match +} + +// CorsConfig is a CORS configuration struct for handler options. +type CorsConfig struct { + AllowOrigins []string + AllowMethods []string + AllowHeaders []string + ExposeHeaders []string + AllowCredentials bool + MaxAge int +} + +// corsPolicy is an internal CORS policy that contains compiled patterns and runtime state. +type corsPolicy struct { + CorsConfig // embed public config to avoid duplication + hasWildcard bool + compiledPatterns []originPattern // pre-compiled patterns for fast matching + // Pre-computed header values to avoid repeated strings.Join calls + prebuiltAllowMethods string + prebuiltAllowHeaders string + prebuiltExposeHeaders string +} + +const ( + defaultPreflightMaxAge = 86400 // 24 hours in seconds + wildcardOrigin = "*" + defaultHTTPPort = "80" + defaultHTTPSPort = "443" +) + +const ( + corsOrigin = "Origin" + corsVary = "Vary" + corsAllowOrigin = "Access-Control-Allow-Origin" + corsAllowMethods = "Access-Control-Allow-Methods" + corsAllowHeaders = "Access-Control-Allow-Headers" + corsExposeHeaders = "Access-Control-Expose-Headers" + corsAllowCredentials = "Access-Control-Allow-Credentials" + corsMaxAge = "Access-Control-Max-Age" + corsRequestMethod = "Access-Control-Request-Method" + corsRequestHeaders = "Access-Control-Request-Headers" +) + +var defaultCorsMethods = []string{http.MethodGet, http.MethodPost, http.MethodPut, http.MethodDelete} + +// buildCorsPolicy processes the corsPolicy with handlers and returns a fully configured corsPolicy. +func buildCorsPolicy(cfg *corsPolicy, handlers []protocolHandler) *corsPolicy { + if cfg == nil { + return nil + } + if len(cfg.AllowOrigins) == 0 { + return nil + } + + hasWildcard := cfg.checkHasWildcard() + built := &corsPolicy{ + CorsConfig: CorsConfig{ + AllowOrigins: append([]string(nil), cfg.AllowOrigins...), + AllowMethods: append([]string(nil), cfg.AllowMethods...), + AllowHeaders: append([]string(nil), cfg.AllowHeaders...), + ExposeHeaders: append([]string(nil), cfg.ExposeHeaders...), + AllowCredentials: cfg.AllowCredentials, + MaxAge: cfg.MaxAge, + }, + hasWildcard: hasWildcard, + } + + // Warn if wildcard "*" is used with other origins and credentials are disabled + if hasWildcard && !cfg.AllowCredentials && len(cfg.AllowOrigins) > 1 { + logger.Warnf("[TRIPLE] CORS: wildcard \"*\" in allowOrigins will override all other origins when allowCredentials=false. Other origins will be ignored.") + } + + built.AllowMethods = built.normalizeMethods(handlers) + built.compiledPatterns = built.compilePatterns() + + built.prebuiltAllowMethods = strings.Join(built.AllowMethods, ", ") + built.prebuiltAllowHeaders = strings.Join(built.AllowHeaders, ", ") + built.prebuiltExposeHeaders = strings.Join(built.ExposeHeaders, ", ") + + // maxAge < 0: invalid, use default value + // maxAge == 0: disable caching (don't send header) + // maxAge > 0: use configured value + if built.MaxAge < 0 { + built.MaxAge = defaultPreflightMaxAge + } + + return built +} + +// checkHasWildcard checks if the global wildcard "*" is present in allowOrigins. +// Note: only checks for "*", not subdomain wildcards like "*.example.com". +func (c *corsPolicy) checkHasWildcard() bool { + if c == nil { + return false + } + for _, origin := range c.AllowOrigins { + if origin == wildcardOrigin { + return true + } + } + return false +} + +// normalizeMethods normalizes and deduplicates CORS methods. +func (c *corsPolicy) normalizeMethods(handlers []protocolHandler) []string { + methodSet := c.collectMethods(handlers) + methodSet[http.MethodOptions] = struct{}{} // Always include OPTIONS for preflight + + methods := make([]string, 0, len(methodSet)) + for m := range methodSet { + methods = append(methods, m) + } + sort.Strings(methods) + return methods +} + +// collectMethods collects methods from config, handlers, or defaults (in that priority). +func (c *corsPolicy) collectMethods(handlers []protocolHandler) map[string]struct{} { + methodSet := make(map[string]struct{}) + + // Priority: explicit configuration + if len(c.AllowMethods) > 0 { + for _, m := range c.AllowMethods { + if m != "" { + methodSet[strings.ToUpper(m)] = struct{}{} + } + } + return methodSet + } + + // Fallback: extract from handlers + if len(handlers) > 0 { + for _, hdl := range handlers { + for m := range hdl.Methods() { + methodSet[strings.ToUpper(m)] = struct{}{} + } + } + if len(methodSet) > 0 { + return methodSet + } + } + + // Default: use standard CORS methods + for _, m := range defaultCorsMethods { + methodSet[m] = struct{}{} + } + + return methodSet +} + +// compilePatterns pre-compiles origin patterns. +func (c *corsPolicy) compilePatterns() []originPattern { + patterns := make([]originPattern, 0, len(c.AllowOrigins)) + for _, origin := range c.AllowOrigins { + if origin == "" { + continue + } + pattern := newOriginPattern(origin) + patterns = append(patterns, *pattern) + } + return patterns +} + +// newOriginPattern parses an origin string into a compiled pattern. +func newOriginPattern(origin string) *originPattern { + p := &originPattern{} + if origin == wildcardOrigin { + p.isWildcard = true + p.raw = origin + return p + } + + // Try parsing as URL first + u, err := url.Parse(origin) + if err == nil && u.Host != "" { + hostname := u.Hostname() + port := p.canonicalPort(u.Port(), u.Scheme) + isSubdomain := strings.HasPrefix(hostname, "*.") + + p.scheme = u.Scheme + if isSubdomain { + p.host = hostname[2:] // Remove "*." prefix + p.isSubdomain = true + } else { + p.host = hostname + } + p.port = port + p.raw = origin + return p + } + + // Try as hostname-only subdomain format + if strings.HasPrefix(origin, "*.") { + base := origin[2:] // Remove "*." prefix + hostname, port := p.splitHostPort(base) + p.host = hostname + p.port = port + p.isSubdomain = true + p.raw = origin + return p + } + + // Plain hostname or hostname:port (no scheme) + hostname, port := p.splitHostPort(origin) + p.host = hostname + p.port = port + p.raw = origin + return p +} + +// splitHostPort splits host:port into hostname and port. +func (p *originPattern) splitHostPort(hostPort string) (hostname, port string) { + if hostPort == "" { + return "", "" + } + hostname, port, err := net.SplitHostPort(hostPort) + if err != nil { + return hostPort, "" + } + return hostname, port +} + +// canonicalPort returns the canonical port for a given port and scheme. +func (p *originPattern) canonicalPort(port, scheme string) string { + if port != "" { + return port + } + switch scheme { Review Comment: ```suggestion switch strings.ToLower(scheme) { ``` ########## protocol/triple/triple_protocol/cors.go: ########## @@ -0,0 +1,470 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package triple_protocol + +import ( + "net" + "net/http" + "net/url" + "sort" + "strconv" + "strings" +) + +import ( + "github.com/dubbogo/gost/log/logger" +) + +// originPattern represents a pre-compiled origin matching pattern. +type originPattern struct { + scheme string // empty means any scheme + host string // hostname without port + port string // port (canonical for URL patterns, raw for hostname-only patterns) + isWildcard bool // true for "*" + isSubdomain bool // true for "*.example.com" + raw string // original string for exact match +} + +// CorsConfig is a CORS configuration struct for handler options. +type CorsConfig struct { + AllowOrigins []string + AllowMethods []string + AllowHeaders []string + ExposeHeaders []string + AllowCredentials bool + MaxAge int +} + +// corsPolicy is an internal CORS policy that contains compiled patterns and runtime state. +type corsPolicy struct { + CorsConfig // embed public config to avoid duplication + hasWildcard bool + compiledPatterns []originPattern // pre-compiled patterns for fast matching + // Pre-computed header values to avoid repeated strings.Join calls + prebuiltAllowMethods string + prebuiltAllowHeaders string + prebuiltExposeHeaders string +} + +const ( + defaultPreflightMaxAge = 86400 // 24 hours in seconds + wildcardOrigin = "*" + defaultHTTPPort = "80" + defaultHTTPSPort = "443" +) + +const ( + corsOrigin = "Origin" + corsVary = "Vary" + corsAllowOrigin = "Access-Control-Allow-Origin" + corsAllowMethods = "Access-Control-Allow-Methods" + corsAllowHeaders = "Access-Control-Allow-Headers" + corsExposeHeaders = "Access-Control-Expose-Headers" + corsAllowCredentials = "Access-Control-Allow-Credentials" + corsMaxAge = "Access-Control-Max-Age" + corsRequestMethod = "Access-Control-Request-Method" + corsRequestHeaders = "Access-Control-Request-Headers" +) + +var defaultCorsMethods = []string{http.MethodGet, http.MethodPost, http.MethodPut, http.MethodDelete} + +// buildCorsPolicy processes the corsPolicy with handlers and returns a fully configured corsPolicy. +func buildCorsPolicy(cfg *corsPolicy, handlers []protocolHandler) *corsPolicy { + if cfg == nil { + return nil + } + if len(cfg.AllowOrigins) == 0 { + return nil + } + + hasWildcard := cfg.checkHasWildcard() + built := &corsPolicy{ + CorsConfig: CorsConfig{ + AllowOrigins: append([]string(nil), cfg.AllowOrigins...), + AllowMethods: append([]string(nil), cfg.AllowMethods...), + AllowHeaders: append([]string(nil), cfg.AllowHeaders...), + ExposeHeaders: append([]string(nil), cfg.ExposeHeaders...), + AllowCredentials: cfg.AllowCredentials, + MaxAge: cfg.MaxAge, + }, + hasWildcard: hasWildcard, + } + + // Warn if wildcard "*" is used with other origins and credentials are disabled + if hasWildcard && !cfg.AllowCredentials && len(cfg.AllowOrigins) > 1 { + logger.Warnf("[TRIPLE] CORS: wildcard \"*\" in allowOrigins will override all other origins when allowCredentials=false. Other origins will be ignored.") + } + + built.AllowMethods = built.normalizeMethods(handlers) + built.compiledPatterns = built.compilePatterns() + + built.prebuiltAllowMethods = strings.Join(built.AllowMethods, ", ") + built.prebuiltAllowHeaders = strings.Join(built.AllowHeaders, ", ") + built.prebuiltExposeHeaders = strings.Join(built.ExposeHeaders, ", ") + + // maxAge < 0: invalid, use default value + // maxAge == 0: disable caching (don't send header) + // maxAge > 0: use configured value + if built.MaxAge < 0 { + built.MaxAge = defaultPreflightMaxAge + } + + return built +} + +// checkHasWildcard checks if the global wildcard "*" is present in allowOrigins. +// Note: only checks for "*", not subdomain wildcards like "*.example.com". +func (c *corsPolicy) checkHasWildcard() bool { + if c == nil { + return false + } + for _, origin := range c.AllowOrigins { + if origin == wildcardOrigin { + return true + } + } + return false +} + +// normalizeMethods normalizes and deduplicates CORS methods. +func (c *corsPolicy) normalizeMethods(handlers []protocolHandler) []string { + methodSet := c.collectMethods(handlers) + methodSet[http.MethodOptions] = struct{}{} // Always include OPTIONS for preflight + + methods := make([]string, 0, len(methodSet)) + for m := range methodSet { + methods = append(methods, m) + } + sort.Strings(methods) + return methods +} + +// collectMethods collects methods from config, handlers, or defaults (in that priority). +func (c *corsPolicy) collectMethods(handlers []protocolHandler) map[string]struct{} { + methodSet := make(map[string]struct{}) + + // Priority: explicit configuration + if len(c.AllowMethods) > 0 { + for _, m := range c.AllowMethods { + if m != "" { + methodSet[strings.ToUpper(m)] = struct{}{} + } + } + return methodSet + } + + // Fallback: extract from handlers + if len(handlers) > 0 { + for _, hdl := range handlers { + for m := range hdl.Methods() { + methodSet[strings.ToUpper(m)] = struct{}{} + } + } + if len(methodSet) > 0 { + return methodSet + } + } + + // Default: use standard CORS methods + for _, m := range defaultCorsMethods { + methodSet[m] = struct{}{} + } + + return methodSet +} + +// compilePatterns pre-compiles origin patterns. +func (c *corsPolicy) compilePatterns() []originPattern { + patterns := make([]originPattern, 0, len(c.AllowOrigins)) + for _, origin := range c.AllowOrigins { + if origin == "" { + continue + } + pattern := newOriginPattern(origin) + patterns = append(patterns, *pattern) + } + return patterns +} + +// newOriginPattern parses an origin string into a compiled pattern. +func newOriginPattern(origin string) *originPattern { + p := &originPattern{} + if origin == wildcardOrigin { + p.isWildcard = true + p.raw = origin + return p + } + + // Try parsing as URL first + u, err := url.Parse(origin) + if err == nil && u.Host != "" { + hostname := u.Hostname() + port := p.canonicalPort(u.Port(), u.Scheme) + isSubdomain := strings.HasPrefix(hostname, "*.") + + p.scheme = u.Scheme + if isSubdomain { + p.host = hostname[2:] // Remove "*." prefix + p.isSubdomain = true + } else { + p.host = hostname + } + p.port = port + p.raw = origin + return p + } + + // Try as hostname-only subdomain format + if strings.HasPrefix(origin, "*.") { + base := origin[2:] // Remove "*." prefix + hostname, port := p.splitHostPort(base) + p.host = hostname + p.port = port + p.isSubdomain = true + p.raw = origin + return p + } + + // Plain hostname or hostname:port (no scheme) + hostname, port := p.splitHostPort(origin) + p.host = hostname + p.port = port + p.raw = origin + return p +} + +// splitHostPort splits host:port into hostname and port. +func (p *originPattern) splitHostPort(hostPort string) (hostname, port string) { + if hostPort == "" { + return "", "" + } + hostname, port, err := net.SplitHostPort(hostPort) + if err != nil { + return hostPort, "" + } + return hostname, port +} + +// canonicalPort returns the canonical port for a given port and scheme. +func (p *originPattern) canonicalPort(port, scheme string) string { + if port != "" { + return port + } + switch scheme { + case "http": + return defaultHTTPPort + case "https": + return defaultHTTPSPort + default: + return "" + } +} + +// match checks if the pattern matches the request origin components. +func (p *originPattern) match(reqScheme, reqHostname, reqPort string) bool { + if p.isWildcard { + return true + } + return p.matchScheme(reqScheme) && + p.matchHost(reqHostname) && + p.matchPort(reqPort, reqScheme) +} + +// matchScheme checks if the request scheme matches the pattern. +func (p *originPattern) matchScheme(reqScheme string) bool { + if p.scheme == "" { + return true + } + return p.scheme == reqScheme +} + +// matchHost checks if the request hostname matches. +func (p *originPattern) matchHost(reqHostname string) bool { + if p.isSubdomain { + return p.isSubdomainOf(reqHostname, p.host) + } + return p.host == reqHostname +} + +// matchPort checks if the request port matches the pattern. +func (p *originPattern) matchPort(reqPort, reqScheme string) bool { + if p.port == "" { + if p.scheme == "" { + return true + } + switch reqScheme { Review Comment: ```suggestion switch strings.ToLower(reqScheme) { ``` ########## protocol/triple/triple_protocol/cors.go: ########## @@ -0,0 +1,470 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package triple_protocol + +import ( + "net" + "net/http" + "net/url" + "sort" + "strconv" + "strings" +) + +import ( + "github.com/dubbogo/gost/log/logger" +) + +// originPattern represents a pre-compiled origin matching pattern. +type originPattern struct { + scheme string // empty means any scheme + host string // hostname without port + port string // port (canonical for URL patterns, raw for hostname-only patterns) + isWildcard bool // true for "*" + isSubdomain bool // true for "*.example.com" + raw string // original string for exact match +} + +// CorsConfig is a CORS configuration struct for handler options. +type CorsConfig struct { + AllowOrigins []string + AllowMethods []string + AllowHeaders []string + ExposeHeaders []string + AllowCredentials bool + MaxAge int +} + +// corsPolicy is an internal CORS policy that contains compiled patterns and runtime state. +type corsPolicy struct { + CorsConfig // embed public config to avoid duplication + hasWildcard bool + compiledPatterns []originPattern // pre-compiled patterns for fast matching + // Pre-computed header values to avoid repeated strings.Join calls + prebuiltAllowMethods string + prebuiltAllowHeaders string + prebuiltExposeHeaders string +} + +const ( + defaultPreflightMaxAge = 86400 // 24 hours in seconds + wildcardOrigin = "*" Review Comment: do not re-define it, use `constant.AnyValue` instead -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
