From 6f6befe555e9f076b8f4a4c060ad100f1c7e46b4 Mon Sep 17 00:00:00 2001 From: toimtoimtoim Date: Thu, 9 Dec 2021 21:57:20 +0200 Subject: [PATCH] improve docs --- context.go | 2 +- echo.go | 12 ++++++------ middleware/cors.go | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/context.go b/context.go index ea542cb8..f2421d77 100644 --- a/context.go +++ b/context.go @@ -214,7 +214,7 @@ const ( // ContextKeyHeaderAllow is set by Router for getting value for `Allow` header in later stages of handler call chain. // Allow header is mandatory for status 405 (method not found) and useful for OPTIONS method requests. // It is added to context only when Router does not find matching method handler for request. - ContextKeyHeaderAllow = "____echo____header_allow" + ContextKeyHeaderAllow = "echo_header_allow" ) const ( diff --git a/echo.go b/echo.go index 8747039e..42789821 100644 --- a/echo.go +++ b/echo.go @@ -192,9 +192,10 @@ const ( const ( HeaderAccept = "Accept" HeaderAcceptEncoding = "Accept-Encoding" - // HeaderAllow is header field that lists the set of methods advertised as supported by the target resource. - // Allow header is mandatory for status 405 (method not found) and useful OPTIONS method responses. - // See: https://datatracker.ietf.org/doc/html/rfc7231#section-7.4.1 + // HeaderAllow is the name of the "Allow" header field used to list the set of methods + // advertised as supported by the target resource. Returning an Allow header is mandatory + // for status 405 (method not found) and useful for the OPTIONS method in responses. + // See RFC 7231: https://datatracker.ietf.org/doc/html/rfc7231#section-7.4.1 HeaderAllow = "Allow" HeaderAuthorization = "Authorization" HeaderContentDisposition = "Content-Disposition" @@ -305,9 +306,8 @@ var ( } MethodNotAllowedHandler = func(c Context) error { - // 'Allow' header RFC: https://datatracker.ietf.org/doc/html/rfc7231#section-7.4.1 - // >> An origin server MUST generate an Allow field in a 405 (Method Not Allowed) response - // and MAY do so in any other response. + // See RFC 7231 section 7.4.1: An origin server MUST generate an Allow field in a 405 (Method Not Allowed) + // response and MAY do so in any other response. For disabled resources an empty Allow header may be returned routerAllowMethods, ok := c.Get(ContextKeyHeaderAllow).(string) if ok && routerAllowMethods != "" { c.Response().Header().Set(HeaderAllow, routerAllowMethods) diff --git a/middleware/cors.go b/middleware/cors.go index a5122f26..16259512 100644 --- a/middleware/cors.go +++ b/middleware/cors.go @@ -172,7 +172,7 @@ func CORSWithConfig(config CORSConfig) echo.MiddlewareFunc { checkPatterns := false if allowOrigin == "" { // to avoid regex cost by invalid (long) domains (253 is domain name max limit) - if len(origin) <= (253+3+4) && strings.Contains(origin, "://") { + if len(origin) <= (253+3+5) && strings.Contains(origin, "://") { checkPatterns = true } }