Roland Lammel
4310e90d58
Support Go 1.12 for http.SameSiteNoneMode
2021-01-03 01:09:18 +01:00
Vadim Sabirov
08073575f8
Merge branch 'master' of https://github.com/labstack/echo
2020-12-18 14:39:23 +03:00
Roland Lammel
4422e3b66b
Merge pull request #1718 from little-cui/master
...
Fix static directory traversal security vulnerability for Windows
2020-12-15 16:31:52 +01:00
little-cui
1beaf09740
Bug Fix: Directory Traversal
2020-12-15 21:54:11 +08:00
iambenkay
1c720597bb
adds test for request id
...
- remain unchanged if provided
2020-12-14 19:06:25 +01:00
Vadim Sabirov
53b38de143
Merge branch 'master' of https://github.com/labstack/echo
2020-12-11 12:34:52 +03:00
Roland Lammel
194129d070
Merge pull request #1699 from pafuent/improve_decompress_middleware
...
Adding sync.Pool to Decompress middleware
2020-12-11 10:09:41 +01:00
Roland Lammel
6a266b8539
Merge pull request #1704 from rkfg/jwt-form
...
Support form fields in jwt middleware
2020-12-06 15:42:52 +01:00
Vadim Sabirov
dc147d9b97
Fix #1523 by adding secure cookie if SameSite mode is None
2020-12-03 10:21:31 +03:00
Vadim Sabirov
cb15226984
Merge branch 'master' of https://github.com/labstack/echo
2020-12-03 09:43:47 +03:00
Nenad Lukic
571661692f
Uses filepath.Join instead of hardcoded separator for static middleware test
2020-12-01 09:03:00 +01:00
rkfg
2152e4e872
Support form fields in jwt middleware
2020-12-01 09:51:20 +03:00
Nenad Lukic
3206527cfe
Adds IgnoreBase parameter to static middleware
...
Adds IgnoreBase parameter to static middleware to support the use case of nested route groups
2020-11-30 19:06:00 +01:00
Pablo Andres Fuente
2386e17b21
Increasing Decompress Middleware coverage
2020-11-28 02:03:54 +00:00
Pablo Andres Fuente
14e020bc07
Adding sync.Pool to Decompress middleware
...
Fixing a http.Request.Body leak on the decompress middleware that were
not properly Close
Removing the defer on the call to gzip.Reader, because that reader is
already exausted after the call to io.Copy
2020-11-27 03:01:04 +00:00
Pierre Rousset
e6f24aa8b1
Addressed PR feedback
2020-11-24 16:25:49 +09:00
Pierre Rousset
26ab188922
CORS: add an optional custom function to validate the origin
2020-11-24 16:24:17 +09:00
Roland Lammel
90bef88e1a
Merge pull request #1669 from ulasakdeniz/fix-incorrect-cors-headers
...
Fix empty/incorrect CORS headers
2020-11-20 11:54:01 +01:00
Arun Gopalpuri
b47042f385
adding decompress gzipped request middleware
2020-11-20 00:51:24 -08:00
Pablo Andres Fuente
ac54e132e4
Adding sync.Pool to Compress Middleware
...
Adding a sync.Pool for the *gzip.Writer reduces the allocations of the
Compress middleware in 50% and gives an increase on execution speed of
a 85%
This fix #1643
2020-11-07 03:52:35 +00:00
Ulas Akdeniz
871ed9c68d
Fix incorrect CORS headers
...
- Fix empty Access-Control-Allow-Origin
- Set CORS headers only if request Origin is existing and allowed
- Increase middleware test coverage
2020-11-06 03:10:16 +01:00
Arun Gopalpuri
f6dfcbe774
bugfix proxy and rewrite, updated test with actual call settings
2020-09-16 19:29:22 -07:00
yonbiaoxiao
5c5c83d290
change the hardcode for http constant
2020-09-14 10:23:54 +08:00
Roland Lammel
28ec3f7bdb
Merge pull request #1627 from juanbelieni/master
...
Create ErrJWTInvalid to allow modify error when JWT is invalid
2020-09-01 16:10:16 +02:00
Roland Lammel
2d79ff3d6c
Merge pull request #1628 from arun0009/master
...
set raw path and path in proxy, so url.EscapePath uses raw path
2020-09-01 16:03:30 +02:00
Roland Lammel
cf2fcad01b
Merge pull request #1588 from choyri/bugfix/rewrite
...
Fixes the uses of caret(^) in rewrite regex
2020-09-01 13:22:01 +02:00
Roland Lammel
bcb316500e
Merge pull request #1623 from KlotzAndrew/cors_regex
...
cors allow regex pattern
2020-09-01 13:20:23 +02:00
Arun Gopalpuri
1a6ec73e57
using url.EscapedPath instead of custom GetPath, rewritePath func added to middleware - used by proxy and rewrite
2020-08-31 13:09:24 -07:00
Peter C
6463bcb190
added ModifyResponse option to ProxyConfig ( #1622 )
...
Co-authored-by: Peter C <petoc@users.noreply.github.com>
2020-08-27 17:51:27 -07:00
Juan Belieni
09f36b585d
Create ErrJWTInvalid variable
2020-08-27 19:35:45 -03:00
Andrew Klotz
9a28fb8608
cors allow regex pattern
...
enable cors to use regex pattern for allowed origins
implementation is similar to another popular cors
middleware: https://github.com/astaxie/beego/blob/master/plugins/cors/cors.go#L196-L201
2020-08-19 03:17:12 +00:00
Shinnosuke Sawada
8dd25c39ce
make gzipResponseWriter implement http.Pusher ( #1615 )
2020-08-03 17:58:08 -07:00
chotow
3dbd5dcf6e
Fixes the uses of caret(^) at the beginning of the rewrite regex
2020-07-24 23:37:01 +08:00
chotow
68e8bce645
Revert "Fixes the uses of caret(^) in rewrite regex"
...
This reverts commit 1f51469436e3612e8e121413df905dc9f4ffed0b.
2020-07-24 23:37:01 +08:00
chotow
84da507a2e
Fixes the uses of caret(^) in rewrite regex
2020-07-24 23:37:01 +08:00
Masahiro Furudate
e125b2cf84
Fix recover print stack trace log level ( #1604 )
...
* Fix recover print stack trace log level
* Add recover log level test
* Add default LogLevel to DefaultRecoverConfig
2020-07-06 07:59:42 -07:00
Arun Gopalpuri
2207c37bf8
use echo.GetPath for rewrite in proxy ( #1548 )
...
Co-authored-by: Arun Gopalpuri <arun@gopalpuri.com>
2020-04-08 08:19:22 -07:00
178inaba
269dfcc9dd
Set maxParam with SetParamNames ( #1535 )
...
* Set maxParam with SetParamNames
Fixes #1492
* Revert go.mod
2020-03-30 12:28:07 -07:00
Leaf
542835808e
Quote regex meta characters in Rewrite ( #1541 )
...
Currently there is a half and half situation where the user can't use regex (fully) because * will be replaced with (.*), yet they also can't just enter any old string, because meta chars like . would need escaping.
e.g. currently *.html wouldn't work as intended, and instead *\.html should be used.
Work around this by using regexp's QuoteMeta function to sanitise the input before handling it.
2020-03-28 17:12:39 -07:00
Vadim Sabirov
8b2c77b107
Fix #1523 by adding SameSite mode for CSRF settings
2020-03-04 18:14:23 +03:00
Shinichi TAMURA
7c5af01350
Safer/trustable extraction of real ip from request ( #1478 )
...
* Safer/trustable extraction of real ip from request
* Fix x-real-ip handling on proxy
* fix docs
* fix default check
2020-02-24 08:29:34 -08:00
Dmitry Kutakov
712b5e46c5
format code (gofmt + trim trailing space) ( #1452 )
2020-01-25 09:48:53 -08:00
J. David Lowe
8d7f05e533
round-trip paramValues without exploding ( #1463 )
2020-01-23 18:32:17 -08:00
Shin Ohno
8b7220f97c
Fixed comment typo in BodyDump ( #1431 )
2019-10-30 17:34:27 -07:00
Vishal Rana
d286e285dc
Bumped v4.1.11
...
Signed-off-by: Vishal Rana <vr@labstack.com>
2019-10-06 17:01:28 -07:00
Vishal Rana
05262e484a
Capture proxy middleware error
...
Signed-off-by: Vishal Rana <vr@labstack.com>
2019-10-06 16:56:21 -07:00
Hylke Visser
87da9a948b
Add ReferrerPolicy to Secure middleware ( #1363 )
2019-08-01 15:27:09 -07:00
nattawitc
8cfaf50b8f
fix #1260 change middleware.Logger's default output ( #1336 )
...
* fix TestLoggerIPAddress reverse assertion
* change middleware.Logger default output
* remove nil field declaration
2019-07-17 21:34:31 -07:00
Tom Scholz
31361576e8
feat: Add a new ErrorHandlerWithContext ( #1328 )
...
* feat: Add a new ErrorHandlerWithContext
This commit adds a new error handler, which is passed the
current context, so that you can add custom redirects or even
other kinds of responses. For example:
```go
e.Use(middleware.JWTWithConfig(middleware.JWTConfig{
SigningKey: []byte("secret"),
TokenLookup: "query:token",
ErrorHandlerWithContext: func(err error, c echo.Context) error {
// do stuff with context and err
switch err.(type) {
case jwt.ValidationError:
return c.Redirect(http.StatusSeeOther, "/login")
}
return err
},
}))
```
* chore: address golint issues
2019-06-13 13:21:03 -07:00
ozburo
6b9408d1d1
Added param:<name> lookup option to JWT Middleware ( #1296 )
...
* Added lookup option to JWT Middleware
* Added param:<name> lookup option to JWT Middleware
2019-06-09 09:49:52 -07:00