Allow header support in Router, MethodNotFoundHandler (405) and CORS middleware

[aldas]

This PR adds support for Allow header to

• http OPTIONS method responses
• status 405 (method not found) responses
• CORS middleware

Allow header lists all method types registered for given routed url path.

Related RFCs:

• Allow RFC https://datatracker.ietf.org/doc/html/rfc7231#section-7.4.1 all 405 should have Allow header listing all methods that router has registered for given path.
• OPTIONS RFC https://httpwg.org/specs/rfc7231.html#OPTIONS Allow is optional but useful header to have

Implementation notes:

• Although in case of OPTIONS method router now add special options method handler instead of MethodNotFound handler as found/matched handler, we can not rely on that for CORS middleware. In CORS middleware we can not remove IF conditions for OPTIONS as when browser sends OPTIONS request it does not (by default) include cookie / authentication headers and therefore if we would blindly use next(c) and hope to meet our router optionshandler we probably not succeed because of different kinds of authentication middlewares (ala JWT or BasicAuth or KeyAuth) which check for stuff like that.
• The reason for adding Allow value to context echo.ContextKeyHeaderAllow is because default 405 handler needs to be able to access that value and possibly CORS middleware is interested in that value. As echo.MethodNotAllowedHandler is part of public API we can not change how that method is created due backwards compatibility.
• optionsMethodHandler is kept private as it is router specific implementation detail. If you want your own then you can add them with e.OPTIONS() method for paths you choose.

Using context values in Echo core is so far unprecedented and potentially controversial decision. I did not want to introduce new field into echo.context struct as it is quite specific case and I know that Go standard library http.Server is using context.Context to add some info to each request context - so it is not so unheard of but probably should be avoided:

See:

• http.ServerContextKey
• http.LocalAddrContextKey

Let's have a discussion

[codecov]

Codecov Report

Merging #2039 (73c9678) into master (b437ee3) will increase coverage by 0.24%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #2039      +/-   ##
==========================================
+ Coverage   91.32%   91.57%   +0.24%     
==========================================
  Files          33       33              
  Lines        2871     2919      +48     
==========================================
+ Hits         2622     2673      +51     
+ Misses        159      157       -2     
+ Partials       90       89       -1     

Impacted Files	Coverage Δ
context.go	86.93% <ø> (ø)
echo.go	94.20% <100.00%> (+0.05%)	⬆️
middleware/cors.go	92.13% <100.00%> (+2.97%)	⬆️
router.go	96.48% <100.00%> (+0.75%)	⬆️
middleware/request_id.go	85.71% <0.00%> (+1.50%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b437ee3...73c9678. Read the comment docs.

[aldas]

@lammel when you have time. please review.

[lammel]

Working on it... so many lines to review ;-) Martti T. ***@***.***> schrieb am So., 5. Dez. 2021, 18:35:

…

@lammel <https://github.com/lammel> when you have time. please review. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#2039 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAKVHUTUACCGXVWWVWZSTTUPOPFPANCNFSM5JL7GEXQ> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

[lammel]

Didn't have time to run or check on the tests yet, but code is mostly reviewed now an LGTM.

[lammel]

Fine piece of coding work. LGTM!