Gin-Gonic CORS middleware mishandles a wildcard at the end of an origin string. Examples: https://example.community/* is accepted by the origin string https://example.com/* and http://localhost.example.com/* is accepted by the origin string http://localhost/* .
CPE | Name | Operator | Version |
---|---|---|---|
github.com/gin-contrib/cors | lt | 1.6.0 |