[chore]: Bump github.com/gin-contrib/cors from 1.4.0 to 1.5.0 (#2388)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

vendor/github.com/gin-contrib/cors/.gitignore

@@ -21,3 +21,5 @@ _testmain.go
 *.prof
 
 coverage.out
+
+.idea

vendor/github.com/gin-contrib/cors/.golangci.yml

@@ -4,8 +4,6 @@ linters:
   fast: false
   enable:
     - bodyclose
-    - deadcode
-    - depguard
     - dogsled
     - dupl
     - errcheck
@@ -29,13 +27,11 @@ linters:
     - nolintlint
     - rowserrcheck
     - staticcheck
-    - structcheck
     - stylecheck
     - typecheck
     - unconvert
     - unparam
     - unused
-    - varcheck
     - whitespace
     - gofumpt
 

vendor/github.com/gin-contrib/cors/.goreleaser.yaml

@@ -1,8 +1,7 @@
 project_name: queue
 
 builds:
-  -
-    # If true, skip the build.
+  - # If true, skip the build.
     # Useful for library projects.
     # Default is false
     skip: true
@@ -38,10 +37,10 @@ changelog:
     - title: Features
       regexp: "^.*feat[(\\w)]*:+.*$"
       order: 0
-    - title: 'Bug fixes'
+    - title: "Bug fixes"
       regexp: "^.*fix[(\\w)]*:+.*$"
       order: 1
-    - title: 'Enhancements'
+    - title: "Enhancements"
       regexp: "^.*chore[(\\w)]*:+.*$"
       order: 2
     - title: Others
@@ -52,6 +51,6 @@ changelog:
     # the changelog
     # Default is empty
     exclude:
-      - '^docs'
-      - 'CICD'
+      - "^docs"
+      - "CICD"
       - typo

vendor/github.com/gin-contrib/cors/README.md

@@ -75,7 +75,8 @@ func main() {
   router.Run()
 }
 ```
-note: while Default() allows all origins, DefaultConfig() does not and you will still have to use AllowAllOrigins
+
+Note: while Default() allows all origins, DefaultConfig() does not and you will still have to use AllowAllOrigins.
 
 ### Default() allows all origins
 
@@ -90,3 +91,5 @@ func main() {
   router.Run()
 }
 ```
+
+Using all origins disables the ability for Gin to set cookies for clients. When dealing with credentials, don't allow all origins.

vendor/github.com/gin-contrib/cors/config.go

@@ -8,13 +8,14 @@ import (
 )
 
 type cors struct {
-	allowAllOrigins  bool
-	allowCredentials bool
-	allowOriginFunc  func(string) bool
-	allowOrigins     []string
-	normalHeaders    http.Header
-	preflightHeaders http.Header
-	wildcardOrigins  [][]string
+	allowAllOrigins           bool
+	allowCredentials          bool
+	allowOriginFunc           func(string) bool
+	allowOrigins              []string
+	normalHeaders             http.Header
+	preflightHeaders          http.Header
+	wildcardOrigins           [][]string
+	optionsResponseStatusCode int
 }
 
 var (
@@ -48,14 +49,19 @@ func newCors(config Config) *cors {
 		}
 	}
 
+	if config.OptionsResponseStatusCode == 0 {
+		config.OptionsResponseStatusCode = http.StatusNoContent
+	}
+
 	return &cors{
-		allowOriginFunc:  config.AllowOriginFunc,
-		allowAllOrigins:  config.AllowAllOrigins,
-		allowCredentials: config.AllowCredentials,
-		allowOrigins:     normalize(config.AllowOrigins),
-		normalHeaders:    generateNormalHeaders(config),
-		preflightHeaders: generatePreflightHeaders(config),
-		wildcardOrigins:  config.parseWildcardRules(),
+		allowOriginFunc:           config.AllowOriginFunc,
+		allowAllOrigins:           config.AllowAllOrigins,
+		allowCredentials:          config.AllowCredentials,
+		allowOrigins:              normalize(config.AllowOrigins),
+		normalHeaders:             generateNormalHeaders(config),
+		preflightHeaders:          generatePreflightHeaders(config),
+		wildcardOrigins:           config.parseWildcardRules(),
+		optionsResponseStatusCode: config.OptionsResponseStatusCode,
 	}
 }
 
@@ -80,7 +86,7 @@ func (cors *cors) applyCors(c *gin.Context) {
 
 	if c.Request.Method == "OPTIONS" {
 		cors.handlePreflight(c)
-		defer c.AbortWithStatus(http.StatusNoContent) // Using 204 is better than 200 when the request status is OPTIONS
+		defer c.AbortWithStatus(cors.optionsResponseStatusCode)
 	} else {
 		cors.handleNormal(c)
 	}

vendor/github.com/gin-contrib/cors/cors.go

@@ -17,8 +17,8 @@ type Config struct {
 	// Default value is []
 	AllowOrigins []string
 
-	// AllowOriginFunc is a custom function to validate the origin. It take the origin
-	// as argument and returns true if allowed or false otherwise. If this option is
+	// AllowOriginFunc is a custom function to validate the origin. It takes the origin
+	// as an argument and returns true if allowed or false otherwise. If this option is
 	// set, the content of AllowOrigins is ignored.
 	AllowOriginFunc func(origin string) bool
 
@@ -26,6 +26,9 @@ type Config struct {
 	// cross-domain requests. Default value is simple methods (GET, POST, PUT, PATCH, DELETE, HEAD, and OPTIONS)
 	AllowMethods []string
 
+	// AllowPrivateNetwork indicates whether the response should include allow private network header
+	AllowPrivateNetwork bool
+
 	// AllowHeaders is list of non simple headers the client is allowed to use with
 	// cross-domain requests.
 	AllowHeaders []string
@@ -53,6 +56,9 @@ type Config struct {
 
 	// Allows usage of file:// schema (dangerous!) use it only when you 100% sure it's needed
 	AllowFiles bool
+
+	// Allows to pass custom OPTIONS response status code for old browsers / clients
+	OptionsResponseStatusCode int
 }
 
 // AddAllowMethods is allowed to add custom methods

vendor/github.com/gin-contrib/cors/utils.go

@@ -45,6 +45,11 @@ func generatePreflightHeaders(c Config) http.Header {
 		value := strconv.FormatInt(int64(c.MaxAge/time.Second), 10)
 		headers.Set("Access-Control-Max-Age", value)
 	}
+
+	if c.AllowPrivateNetwork {
+		headers.Set("Access-Control-Allow-Private-Network", "true")
+	}
+
 	if c.AllowAllOrigins {
 		headers.Set("Access-Control-Allow-Origin", "*")
 	} else {