Comments (11)
It appears that the only effect that DisableHeaderNormalizing
has is to set app.server.DisableHeaderNamesNormalizing = app.config.DisableHeaderNormalizing
.
The fasthttp documentation for this setting is a bit more detailed on its effects:
// Header names are passed as-is without normalization
// if this option is set.
//
// Disabled header names' normalization may be useful only for proxying
// incoming requests to other servers expecting case-sensitive
// header names. See https://github.com/valyala/fasthttp/issues/57
// for details.
//
// By default request and response header names are normalized, i.e.
// The first letter and the first letters following dashes
// are uppercased, while all the other letters are lowercased.
// Examples:
//
// * HOST -> Host
// * content-type -> Content-Type
// * cONTENT-lenGTH -> Content-Length
DisableHeaderNamesNormalizing bool
from fiber.
Thanks for opening your first issue here! 🎉 Be sure to follow the issue template! If you need help or want to chat with us, join us on Discord https://gofiber.io/discord
from fiber.
@Max-Cheng Which version of v2 are you running?
from fiber.
The main issue is whether Enable DisableHeaderNormalizing should affect the behavior of the CORS middleware or not.
from fiber.
Ping @sixcolors
from fiber.
@Max-Cheng Which version of v2 are you running?
github.com/gofiber/fiber/v2 v2.52.4
from fiber.
In my situation, I'm using a global middleware to enforce the Origin header to be in uppercase and process the correct logical path.
package main
import (
"github.com/gofiber/fiber/v2"
"github.com/gofiber/fiber/v2/log"
"github.com/gofiber/fiber/v2/middleware/cors"
)
func main() {
app := fiber.New(fiber.Config{
DisableHeaderNormalizing: true,
})
app.Use(func(c *fiber.Ctx) error {
if c.Get("origin") != "" {
c.Request().Header.Set(fiber.HeaderOrigin, c.Get("origin"))
return c.Next()
}
return c.Next()
})
app.Use(cors.New(cors.Config{
AllowOrigins: "*",
AllowMethods: "*",
AllowHeaders: "*",
}))
app.Get("/", func(c *fiber.Ctx) error {
return c.SendString("Hello, World!")
})
log.Fatal(app.Listen(":3000"))
}
from fiber.
This should not be the case. CORS middleware calls originHeader := strings.ToLower(c.Get(fiber.HeaderOrigin))
, and c.Get
is case insensitive, https://docs.gofiber.io/api/ctx/#get.
I will test and get back to you.
from fiber.
@Max-Cheng I understand what you mean now. If you set app := fiber.New(fiber.Config{ DisableHeaderNormalizing: true, })
, it will impact headers in any fiber middleware.
Since the Cross-Origin Resource Sharing (CORS) and other middleware included with fiber use c.Get
for headers, the middleware behaviour will follow this pattern. According to https://datatracker.ietf.org/doc/html/rfc2616#section-4.2, "Each header field consists of a name followed by a colon (":") and the field value. Field names are case-insensitive." Therefore, the default fiber behaviour is correct. However, the DisableHeaderNormalizing
option allows users to disable this, which would cause the behaviour you noted.
However, the comment for DisableHeaderNormalizing
does not seem to adequately capture this:
// When set to true, disables header normalization.
// By default all header names are normalized: conteNT-tYPE -> Content-Type.
//
// Default: false
Because https://docs.gofiber.io/api/ctx/#get notes that: "The match is case-insensitive." and the DisableHeaderNormalizing
does not specify that it has other effects, I think we can address that in the documentation.
from fiber.
Yes. I don't think we should change the behaviour of the CORS middleware
from fiber.
Another mistake in this case.
If DisableHeaderNormalizing is enabled and the client is using HTTP/2 protocol to access the backend. CORS middleware will judge that this request is not a CORS request.
https://github.com/gofiber/fiber/blob/v2/middleware/cors/cors.go#L177
from fiber.
Related Issues (20)
- 🐛 [Bug]: setting a Logger that access TLSConnectionState() will break when `app.Server().MaxConnsPerIP` is set to a value HOT 9
- 🤗 [Question]: Fiber http with Cloudflare ssl reverse leading to 525, SSL handshake failed HOT 2
- 🤗 [Question] Is Fiber going to be used for Rust? HOT 3
- proxy.Balancer middleware should handle http backend servers when using app.ListenTLS HOT 2
- 🤗 [Question]: How to get the form data from the html form object? HOT 1
- 📝 [Proposal]: Add support for zstd compression
- 📝 [Proposal]: Add support for CHIPS (Cookies Having Independent Partitioned State)
- 🐛 [Bug]: incorrect selection of the error handler if one of the sub apps is mounted on "/" HOT 2
- 🤗 [Question]: gofiber v3 rc release date? HOT 2
- 📝 [Proposal]: v3 auto binding HOT 2
- 🤗 [Question]: Does fiber v3's Request not have the function of adding files to FormData? HOT 3
- 🤗 [Question]: I have a problem with Middleware HOT 10
- 🤗 [Question]: Is `fiber.Ctx` thread safe? If not, is that documented? HOT 8
- 🤗 [Question]: A new Redis key is created every time the url is accessed. Is this normal? HOT 5
- [question]: Why do long requests block each other? HOT 15
- 🐛 [Bug]: Limiter middleware with pebble storage does not deduct remaining limit
- 📝 [Proposal]: Improving route matching and url parsing performance with Ada Url HOT 7
- Improve Error Handling in CSRF Middleware Storage
- 🤗 [Question]: v3 when ready for production HOT 1
- 🐛 [Bug]: Unclear "json: invalid use of ,string struct tag, trying to unmarshal unquoted value into uint64" HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fiber.