fix(rpc): trim spaces in CORS domain parsing (#22192)

Co-authored-by: DaniPopes <57450786+DaniPopes@users.noreply.github.com>
This commit is contained in:
drhgencer
2026-02-16 12:21:34 +05:30
committed by GitHub
parent 314a92e93c
commit 997af404a5

View File

@@ -27,7 +27,7 @@ pub(crate) fn create_cors_layer(http_cors_domains: &str) -> Result<CorsLayer, Co
.allow_origin(Any)
.allow_headers(Any),
_ => {
let iter = http_cors_domains.split(',');
let iter = http_cors_domains.split(',').map(str::trim);
if iter.clone().any(|o| o == "*") {
return Err(CorsDomainError::WildCardNotAllowed {
input: http_cors_domains.to_string(),
@@ -51,3 +51,15 @@ pub(crate) fn create_cors_layer(http_cors_domains: &str) -> Result<CorsLayer, Co
};
Ok(cors)
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_wildcard_with_spaces_rejected() {
// Wildcard with leading space should still be rejected
let result = create_cors_layer("http://example.com, *");
assert!(matches!(result, Err(CorsDomainError::WildCardNotAllowed { .. })));
}
}