Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds first-party CORS support to the Gin-based API so browser clients can call fmsg-webapi (including successful preflight handling) while keeping existing server-to-server behavior unchanged.
Changes:
- Introduces a configurable CORS middleware (
CORSConfig,DefaultCORSConfig,NewCORS) with preflight handling. - Wires CORS into
main.goviaFMSG_CORS_ORIGINS, ensuring it runs before JWT auth middleware. - Adds middleware unit tests and updates README configuration/docs (including TLS/port behavior).
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/middleware/cors.go | New CORS middleware implementation and configuration defaults |
| src/middleware/cors_test.go | Test coverage for allowed/disallowed origins, wildcard, and preflight behavior |
| src/main.go | Enables CORS via env var and ensures middleware ordering; makes TLS port configurable via FMSG_API_PORT |
| README.md | Documents FMSG_CORS_ORIGINS and clarifies TLS/port guidance |
Comment on lines
+94
to
+98
| if c.Request.Method == http.MethodOptions { | ||
| // Preflight. | ||
| c.Writer.Header().Add("Vary", "Access-Control-Request-Method") | ||
| c.Writer.Header().Add("Vary", "Access-Control-Request-Headers") | ||
| if methods != "" { |
There was a problem hiding this comment.
NewCORS currently short-circuits all OPTIONS requests from an allowed Origin with a 204 response. That treats non-preflight OPTIONS calls (no Access-Control-Request-Method header) as preflight and prevents legitimate OPTIONS handlers from running. Consider only taking the preflight path when Access-Control-Request-Method is present (and otherwise c.Next()).
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.