Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Upgrade go-chi/chi to commit that handles Vary header properly
For CORS, the server needs to include `Origin` in the `Vary` response https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#access-control-allow-origin Flipt is using go-chi/cors to handle CORS which does include that header https://github.com/go-chi/cors/blob/9b0b248d5e6ba10c954f076a98c5f7760f243882/cors.go#L242-L247 However, if the request includes `Accept-Encoding`, this triggers this line https://github.com/go-chi/chi/blob/86f9a6e7ce9bf453eaa339b51f88f586edbccbc1/middleware/compress.go#L321 which overrides any previously set Vary headers N.B. `Accept-Encoding` is a forbidden header https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name meaning it can only be set by the user agent and cannot be modified in JS as a workaround This bug was fixed in go-chi/chi#640, so this commit updates go-chi/chi to that commit hash with `go get github.com/go-chi/chi/v5@b750c805b4ee0952b`
- Loading branch information