gofiber · ReneWerner87 · Mar 28, 2024 · Dec 3, 2023 · Dec 3, 2023 · Dec 5, 2023
@@ -664,4 +664,4 @@ Hooks is a method to return [hooks](../guide/hooks.md) property.
 
 ```go title="Signature"
 func (app *App) Hooks() *Hooks
-```
+```
@@ -214,4 +214,4 @@ When configuring CORS, misconfiguration can potentially expose your application
 
 - **Inadequate `AllowOriginsFunc` Validation**: When using `AllowOriginsFunc` for dynamic origin validation, ensure the function includes robust checks to prevent unauthorized origins from being accepted. Overly permissive validation can lead to security vulnerabilities. Never allow `AllowOriginsFunc` to return `true` for all origins. This is particularly crucial when `AllowCredentials` is set to `true`. Doing so can bypass the restriction of using a wildcard origin with credentials, exposing your application to serious security threats. If you need to allow wildcard origins, use `AllowOrigins` with a wildcard `"*"` instead of `AllowOriginsFunc`.
 
-Remember, the key to secure CORS configuration is specificity and caution. By carefully selecting which origins, methods, and headers are allowed, you can help protect your application from cross-origin attacks.
+Remember, the key to secure CORS configuration is specificity and caution. By carefully selecting which origins, methods, and headers are allowed, you can help protect your application from cross-origin attacks.
@@ -318,7 +318,6 @@ func originMatchesHost(c fiber.Ctx, trustedOrigins []string, trustedSubOrigins [
 // returns nil if the referer header is valid
 func refererMatchesHost(c fiber.Ctx, trustedOrigins []string, trustedSubOrigins []subdomain) error {
 	referer := strings.ToLower(c.Get(fiber.HeaderReferer))
-
 	if referer == "" {
 		return ErrRefererNotFound
 	}
-Original file line number
+Diff line change
@@ Expand Up @@
     ```go title="Signature"
     func (app *App) Hooks() *Hooks
-    ```
+    ```
Original file line number	Diff line number	Diff line change
Expand Up		@@ -214,4 +214,4 @@ When configuring CORS, misconfiguration can potentially expose your application

		- Inadequate `AllowOriginsFunc` Validation: When using `AllowOriginsFunc` for dynamic origin validation, ensure the function includes robust checks to prevent unauthorized origins from being accepted. Overly permissive validation can lead to security vulnerabilities. Never allow `AllowOriginsFunc` to return `true` for all origins. This is particularly crucial when `AllowCredentials` is set to `true`. Doing so can bypass the restriction of using a wildcard origin with credentials, exposing your application to serious security threats. If you need to allow wildcard origins, use `AllowOrigins` with a wildcard `"*"` instead of `AllowOriginsFunc`.

		Remember, the key to secure CORS configuration is specificity and caution. By carefully selecting which origins, methods, and headers are allowed, you can help protect your application from cross-origin attacks.
		Remember, the key to secure CORS configuration is specificity and caution. By carefully selecting which origins, methods, and headers are allowed, you can help protect your application from cross-origin attacks.