[chore] bump golang.org/x/net@v0.38.0, github.com/gin-contrib/cors@v1.7.4, github.com/spf13/viper@v1.20.1, github.com/tdewolff/minify/v2@v2.22.4 (#3959)

author: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com> 2025-04-01 16:21:59 +0000
committer: GitHub <noreply@github.com> 2025-04-01 18:21:59 +0200
commit: b0873972ecb6d9977a36898d8281649d38c17df7 (patch)
tree: 1b0eb8a89c99058d443e6550e4dfa3ba347804a7 /vendor/github.com/gin-contrib/cors/cors.go
parent: update modernc.org/sqlite to v1.37.0-concurrrency-workaround (#3958) (diff)
download: gotosocial-b0873972ecb6d9977a36898d8281649d38c17df7.tar.xz
1 files changed, 10 insertions, 0 deletions
diff --git a/vendor/github.com/gin-contrib/cors/cors.go b/vendor/github.com/gin-contrib/cors/cors.go
index 2261df759..cacb34a6c 100644
--- a/vendor/github.com/gin-contrib/cors/cors.go
+++ b/vendor/github.com/gin-contrib/cors/cors.go
@@ -3,6 +3,7 @@ package cors
 import (
 	"errors"
 	"fmt"
+	"regexp"
 	"strings"
 	"time"
 
@@ -103,8 +104,17 @@ func (c Config) getAllowedSchemas() []string {
 	return allowedSchemas
 }
 
+var regexpBasedOrigin = regexp.MustCompile(`^\/(.+)\/[gimuy]?$`)
+
 func (c Config) validateAllowedSchemas(origin string) bool {
 	allowedSchemas := c.getAllowedSchemas()
+
+	if regexpBasedOrigin.MatchString(origin) {
+		// Normalize regexp-based origins
+		origin = regexpBasedOrigin.FindStringSubmatch(origin)[1]
+		origin = strings.Replace(origin, "?", "", 1)
+	}
+
 	for _, schema := range allowedSchemas {
 		if strings.HasPrefix(origin, schema) {
 			return true
author	kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com>	2025-04-01 16:21:59 +0000
committer	GitHub <noreply@github.com>	2025-04-01 18:21:59 +0200
commit	b0873972ecb6d9977a36898d8281649d38c17df7 (patch)
tree	1b0eb8a89c99058d443e6550e4dfa3ba347804a7 /vendor/github.com/gin-contrib/cors/cors.go
parent	update modernc.org/sqlite to v1.37.0-concurrrency-workaround (#3958) (diff)
download	gotosocial-b0873972ecb6d9977a36898d8281649d38c17df7.tar.xz