CORS: irrelevant headers are indiscriminately set in the preflight/actual responses

The CORS middleware [sets](https://github.com/gofr-dev/gofr/blob/39e0a80356386293719204601484a5877ebcb2b4/pkg/middleware/cors.go#L23) each ((if its value is non-empty) of the following headers in _both_ preflight responses and actual responses:

```none
Access-Control-Allow-Origin
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
Access-Control-Expose-Headers
Access-Control-Max-Age
```

However, the only relevant headers for preflight responses are the following:

```none
Access-Control-Allow-Origin
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
Access-Control-Max-Age
```

And the only relevant headers for actual responses are the following:

```none
Access-Control-Allow-Origin
Access-Control-Allow-Credentials
Access-Control-Expose-Headers
```

Middleware should avoid setting irrelevant headers because doing so has a cost, both in terms of transport and [in terms of heap allocations](https://github.com/golang/go/issues/56182) on the server.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CORS: irrelevant headers are indiscriminately set in the preflight/actual responses #139

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CORS: irrelevant headers are indiscriminately set in the preflight/actual responses #139

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions