diff options
| author |  kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com> | 2025-04-01 16:21:59 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2025-04-01 18:21:59 +0200 |
| commit | b0873972ecb6d9977a36898d8281649d38c17df7 (patch) | |
| tree | 1b0eb8a89c99058d443e6550e4dfa3ba347804a7 /vendor/github.com/gin-contrib | |
| parent | update modernc.org/sqlite to v1.37.0-concurrrency-workaround (#3958) (diff) | |
| download | gotosocial-b0873972ecb6d9977a36898d8281649d38c17df7.tar.xz | |
[chore] bump golang.org/x/net@v0.38.0, github.com/gin-contrib/cors@v1.7.4, github.com/spf13/viper@v1.20.1, github.com/tdewolff/minify/v2@v2.22.4 (#3959)
Diffstat (limited to 'vendor/github.com/gin-contrib')
| -rw-r--r-- | vendor/github.com/gin-contrib/cors/.golangci.yml | 1 | ||||
| -rw-r--r-- | vendor/github.com/gin-contrib/cors/config.go | 14 | ||||
| -rw-r--r-- | vendor/github.com/gin-contrib/cors/cors.go | 10 |
3 files changed, 23 insertions, 2 deletions
diff --git a/vendor/github.com/gin-contrib/cors/.golangci.yml b/vendor/github.com/gin-contrib/cors/.golangci.yml index d59c99bd4..67edf0ac8 100644 --- a/vendor/github.com/gin-contrib/cors/.golangci.yml +++ b/vendor/github.com/gin-contrib/cors/.golangci.yml @@ -7,7 +7,6 @@ linters: - dogsled - dupl - errcheck - - exportloopref - exhaustive - gochecknoinits - goconst diff --git a/vendor/github.com/gin-contrib/cors/config.go b/vendor/github.com/gin-contrib/cors/config.go index 8a295e3db..a955c3171 100644 --- a/vendor/github.com/gin-contrib/cors/config.go +++ b/vendor/github.com/gin-contrib/cors/config.go @@ -2,6 +2,7 @@ package cors import ( "net/http" + "regexp" "strings" "github.com/gin-gonic/gin" @@ -122,21 +123,32 @@ func (cors *cors) isOriginValid(c *gin.Context, origin string) bool { return valid } +var originRegex = regexp.MustCompile(`^/(.+)/[gimuy]?$`) + func (cors *cors) validateOrigin(origin string) bool { if cors.allowAllOrigins { return true } + for _, value := range cors.allowOrigins { - if value == origin { + if !originRegex.MatchString(value) && value == origin { + return true + } + + if originRegex.MatchString(value) && + regexp.MustCompile(originRegex.FindStringSubmatch(value)[1]).MatchString(origin) { return true } } + if len(cors.wildcardOrigins) > 0 && cors.validateWildcardOrigin(origin) { return true } + if cors.allowOriginFunc != nil { return cors.allowOriginFunc(origin) } + return false } diff --git a/vendor/github.com/gin-contrib/cors/cors.go b/vendor/github.com/gin-contrib/cors/cors.go index 2261df759..cacb34a6c 100644 --- a/vendor/github.com/gin-contrib/cors/cors.go +++ b/vendor/github.com/gin-contrib/cors/cors.go @@ -3,6 +3,7 @@ package cors import ( "errors" "fmt" + "regexp" "strings" "time" @@ -103,8 +104,17 @@ func (c Config) getAllowedSchemas() []string { return allowedSchemas } +var regexpBasedOrigin = regexp.MustCompile(`^\/(.+)\/[gimuy]?$`) + func (c Config) validateAllowedSchemas(origin string) bool { allowedSchemas := c.getAllowedSchemas() + + if regexpBasedOrigin.MatchString(origin) { + // Normalize regexp-based origins + origin = regexpBasedOrigin.FindStringSubmatch(origin)[1] + origin = strings.Replace(origin, "?", "", 1) + } + for _, schema := range allowedSchemas { if strings.HasPrefix(origin, schema) { return true |