From e61db5e4a4c3d8b058b041af7c4d06a0cb17f2b7 Mon Sep 17 00:00:00 2001 From: Christopher Vermilion Date: Mon, 3 Oct 2022 09:49:10 -0400 Subject: [PATCH] Add "Access-Control-Request-Private-Network" to Vary This should have been part of https://github.com/rs/cors/pull/127. --- cors.go | 3 +++ cors_test.go | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/cors.go b/cors.go index 4fe1441..a47b7df 100644 --- a/cors.go +++ b/cors.go @@ -287,6 +287,9 @@ func (c *Cors) handlePreflight(w http.ResponseWriter, r *http.Request) { headers.Add("Vary", "Origin") headers.Add("Vary", "Access-Control-Request-Method") headers.Add("Vary", "Access-Control-Request-Headers") + if c.allowPrivateNetwork { + headers.Add("Vary", "Access-Control-Request-Private-Network") + } if origin == "" { c.logf(" Preflight aborted: empty origin") diff --git a/cors_test.go b/cors_test.go index 4d7b5f7..da16a29 100644 --- a/cors_test.go +++ b/cors_test.go @@ -401,7 +401,7 @@ func TestSpec(t *testing.T) { "Access-Control-Request-Private-Network": "true", }, map[string]string{ - "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers", + "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network", "Access-Control-Allow-Origin": "http://foobar.com", "Access-Control-Allow-Methods": "GET", "Access-Control-Allow-Private-Network": "true",