improve docs

aldas · aldas · commit 6f6befe555e9 · 2022-01-03T21:04:17.000+02:00
diff --git a/context.go b/context.go
@@ -214,7 +214,7 @@ const (
 	// ContextKeyHeaderAllow is set by Router for getting value for `Allow` header in later stages of handler call chain.
 	// Allow header is mandatory for status 405 (method not found) and useful for OPTIONS method requests.
 	// It is added to context only when Router does not find matching method handler for request.
-	ContextKeyHeaderAllow = "____echo____header_allow"
+	ContextKeyHeaderAllow = "echo_header_allow"
 )
 
 const (
diff --git a/echo.go b/echo.go
@@ -192,9 +192,10 @@ const (
 const (
 	HeaderAccept         = "Accept"
 	HeaderAcceptEncoding = "Accept-Encoding"
-	// HeaderAllow is header field that lists the set of methods advertised as supported by the target resource.
-	// Allow header is mandatory for status 405 (method not found) and useful OPTIONS method responses.
-	// See: https://datatracker.ietf.org/doc/html/rfc7231#section-7.4.1
+	// HeaderAllow is the name of the "Allow" header field used to list the set of methods
+	// advertised as supported by the target resource. Returning an Allow header is mandatory
+	// for status 405 (method not found) and useful for the OPTIONS method in responses.
+	// See RFC 7231: https://datatracker.ietf.org/doc/html/rfc7231#section-7.4.1
 	HeaderAllow               = "Allow"
 	HeaderAuthorization       = "Authorization"
 	HeaderContentDisposition  = "Content-Disposition"
@@ -305,9 +306,8 @@ var (
 	}
 
 	MethodNotAllowedHandler = func(c Context) error {
-		// 'Allow' header RFC: https://datatracker.ietf.org/doc/html/rfc7231#section-7.4.1
-		// >> An origin server MUST generate an Allow field in a 405 (Method Not Allowed) response
-		//    and MAY do so in any other response.
+		// See RFC 7231 section 7.4.1: An origin server MUST generate an Allow field in a 405 (Method Not Allowed)
+		// response and MAY do so in any other response. For disabled resources an empty Allow header may be returned
 		routerAllowMethods, ok := c.Get(ContextKeyHeaderAllow).(string)
 		if ok && routerAllowMethods != "" {
 			c.Response().Header().Set(HeaderAllow, routerAllowMethods)
diff --git a/middleware/cors.go b/middleware/cors.go
@@ -172,7 +172,7 @@ func CORSWithConfig(config CORSConfig) echo.MiddlewareFunc {
 				checkPatterns := false
 				if allowOrigin == "" {
 					// to avoid regex cost by invalid (long) domains (253 is domain name max limit)
-					if len(origin) <= (253+3+4) && strings.Contains(origin, "://") {
+					if len(origin) <= (253+3+5) && strings.Contains(origin, "://") {
 						checkPatterns = true
 					}
 				}

Original file line number	Diff line number	Diff line change
`@@ -214,7 +214,7 @@ const (`
`214`	`214`	// ContextKeyHeaderAllow is set by Router for getting value for `Allow` header in later stages of handler call chain.
`215`	`215`	`// Allow header is mandatory for status 405 (method not found) and useful for OPTIONS method requests.`
`216`	`216`	`// It is added to context only when Router does not find matching method handler for request.`
`217`		`- ContextKeyHeaderAllow = "____echo____header_allow"`
	`217`	`+ ContextKeyHeaderAllow = "echo_header_allow"`
`218`	`218`	`)`
`219`	`219`
`220`	`220`	`const (`
Original file line number	Diff line number	Diff line change
`@@ -172,7 +172,7 @@ func CORSWithConfig(config CORSConfig) echo.MiddlewareFunc {`
`172`	`172`	`checkPatterns := false`
`173`	`173`	`if allowOrigin == "" {`
`174`	`174`	`// to avoid regex cost by invalid (long) domains (253 is domain name max limit)`
`175`		`- if len(origin) <= (253+3+4) && strings.Contains(origin, "://") {`
	`175`	`+ if len(origin) <= (253+3+5) && strings.Contains(origin, "://") {`
`176`	`176`	`checkPatterns = true`
`177`	`177`	`}`
`178`	`178`	`}`