3 Commits

Author SHA1 Message Date
Hein 8a06aacfb2 fix(cors): update CORS headers handling for requests
* Reflect request origin for Access-Control-Allow-Origin
* Set Vary header for caching based on origin
* Allow specific headers from preflight requests
* Enable credentials only for specific origins
2026-07-01 12:27:39 +02:00
Hein 705c4f8001 fix(manager): ensure HTTP1 is set when HTTP2 is disabled
2026-06-30 13:54:56 +02:00
Hein d648614611 feat(config): add PanicHandler to Config for custom recovery 2026-06-30 13:49:51 +02:00
3 changed files with 43 additions and 16 deletions
+20 -13
@@ -115,32 +115,39 @@ func GetHeadSpecHeaders() []string {
// SetCORSHeaders sets CORS headers on a response writer // SetCORSHeaders sets CORS headers on a response writer
func SetCORSHeaders(w ResponseWriter, r Request, config CORSConfig) { func SetCORSHeaders(w ResponseWriter, r Request, config CORSConfig) {
// Set allowed origins // Reflect the request origin; fall back to wildcard only when no origin is present
// if len(config.AllowedOrigins) > 0 { origin := r.Header("Origin")
// w.SetHeader("Access-Control-Allow-Origin", strings.Join(config.AllowedOrigins, ", ")) if origin == "" {
// } origin = "*"
} else {
// Todo origin list parsing // Vary must be set so caches don't serve one origin's response to another
w.SetHeader("Access-Control-Allow-Origin", "*") httpW := w.UnderlyingResponseWriter()
httpW.Header().Set("Vary", "Origin")
}
w.SetHeader("Access-Control-Allow-Origin", origin)
// Set allowed methods // Set allowed methods
if len(config.AllowedMethods) > 0 { if len(config.AllowedMethods) > 0 {
w.SetHeader("Access-Control-Allow-Methods", strings.Join(config.AllowedMethods, ", ")) w.SetHeader("Access-Control-Allow-Methods", strings.Join(config.AllowedMethods, ", "))
} }
// Set allowed headers // Reflect the preflight request headers when present; otherwise use the explicit config list
// if len(config.AllowedHeaders) > 0 { requestedHeaders := r.Header("Access-Control-Request-Headers")
// w.SetHeader("Access-Control-Allow-Headers", strings.Join(config.AllowedHeaders, ", ")) if requestedHeaders != "" {
// } w.SetHeader("Access-Control-Allow-Headers", requestedHeaders)
w.SetHeader("Access-Control-Allow-Headers", "*") } else if len(config.AllowedHeaders) > 0 {
w.SetHeader("Access-Control-Allow-Headers", strings.Join(config.AllowedHeaders, ", "))
}
// Set max age // Set max age
if config.MaxAge > 0 { if config.MaxAge > 0 {
w.SetHeader("Access-Control-Max-Age", fmt.Sprintf("%d", config.MaxAge)) w.SetHeader("Access-Control-Max-Age", fmt.Sprintf("%d", config.MaxAge))
} }
// Allow credentials // Allow credentials only when a specific origin is reflected (not wildcard)
if origin != "*" {
w.SetHeader("Access-Control-Allow-Credentials", "true") w.SetHeader("Access-Control-Allow-Credentials", "true")
}
// Expose headers that clients can read // Expose headers that clients can read
exposeHeaders := config.AllowedHeaders exposeHeaders := config.AllowedHeaders
+4
@@ -42,6 +42,10 @@ type Config struct {
// AutoTLSEmail is the email for Let's Encrypt registration (optional but recommended) // AutoTLSEmail is the email for Let's Encrypt registration (optional but recommended)
AutoTLSEmail string AutoTLSEmail string
// PanicHandler is called when a request handler panics.
// If nil, the default middleware.PanicRecovery is used (logs, records metric, returns 500).
PanicHandler func(w http.ResponseWriter, r *http.Request, rcv any)
// Graceful shutdown configuration // Graceful shutdown configuration
// ShutdownTimeout is the maximum time to wait for graceful shutdown // ShutdownTimeout is the maximum time to wait for graceful shutdown
// Default: 30 seconds // Default: 30 seconds
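Review bot: The PanicHandler comment does not say that setting it replaces the default recovery entirely. As wired in newInstance, a non-nil callback bypasses middleware.PanicRecovery, so the logging, metric and 500 response described for the nil case only happen if the callback does them. I would add `// When set, it replaces the default entirely and must log and write the response itself.` and `// rcv is the raw recovered value; do not echo it to the client.` to the field comment.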
+17 -1
@@ -452,8 +452,19 @@ func newInstance(cfg Config) (*serverInstance, error) {
handler = gz(handler) handler = gz(handler)
} }
// Wrap with the panic recovery middleware // Wrap with panic recovery — use caller-supplied handler if provided
if cfg.PanicHandler != nil {
handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
defer func() {
if rcv := recover(); rcv != nil {
cfg.PanicHandler(w, r, rcv)
}
}()
handler.ServeHTTP(w, r)
})
} else {
handler = middleware.PanicRecovery(handler) handler = middleware.PanicRecovery(handler)
}
// Configure TLS if any TLS option is enabled // Configure TLS if any TLS option is enabled
tlsConfig, certFile, keyFile, err := configureTLS(cfg) tlsConfig, certFile, keyFile, err := configureTLS(cfg)
@@ -475,6 +486,10 @@ func newInstance(cfg Config) (*serverInstance, error) {
// The GODEBUG=http2xconnect=1 flag is read by net/http's init(); setting it here // The GODEBUG=http2xconnect=1 flag is read by net/http's init(); setting it here
// ensures it propagates to subprocesses and any future process restarts. // ensures it propagates to subprocesses and any future process restarts.
// For the current process, set GODEBUG=http2xconnect=1 in the environment before launch. // For the current process, set GODEBUG=http2xconnect=1 in the environment before launch.
if httpServer.Protocols == nil {
httpServer.Protocols = &http.Protocols{}
httpServer.Protocols.SetHTTP1(true)
}
if cfg.HTTP2 { if cfg.HTTP2 {
if existing := os.Getenv("GODEBUG"); !strings.Contains(existing, "http2xconnect=1") { if existing := os.Getenv("GODEBUG"); !strings.Contains(existing, "http2xconnect=1") {
if existing == "" { if existing == "" {
@@ -489,6 +504,7 @@ func newInstance(cfg Config) (*serverInstance, error) {
httpServer.Protocols.SetHTTP2(true) httpServer.Protocols.SetHTTP2(true)
httpServer.Protocols.SetUnencryptedHTTP2(true) httpServer.Protocols.SetUnencryptedHTTP2(true)
} else { } else {
httpServer.Protocols.SetHTTP1(true)
httpServer.Protocols.SetHTTP2(false) httpServer.Protocols.SetHTTP2(false)
} }
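Review bot: In the first hunk the PanicHandler wrapper calls `handler.ServeHTTP(w, r)` from inside the closure that is being assigned to `handler`. Go closures capture the variable rather than its value, so at request time `handler` is the wrapper itself and every request recurses until the stack is exhausted, a fatal runtime error that `recover` cannot catch. Capture the inner handler first with `next := handler` before the assignment, and call `next.ServeHTTP(w, r)` inside the closure. The wrapper also passes `http.ErrAbortHandler` to the callback, which net/http treats as a deliberate abort; re-panicking when `rcv == http.ErrAbortHandler` would keep that behaviour. newInstance starts and ends outside the hunks shown.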