[BUG] origin invalid when comparing allowed origins

[clD11]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Is it intentional that we are comparing the parsed origin host against the slice of trusted origins opposed to comparing the parsed origin against the trusted origins?

For example, in the code below taken from here

			if !sameOrigin(&requestURL, parsedOrigin) && !slices.Contains(cs.opts.TrustedOrigins, parsedOrigin.Host) {
				r = envError(r, ErrBadOrigin)
				cs.opts.ErrorHandler.ServeHTTP(w, r)
				return
			}

compares the cs.opts.TrustedOrigins against the parsedOrigin.Host i.e. it drops the schema and if the list of trusted origins follows the pattern of Origin: <scheme>://<hostname> then this will fail. Also, the sameOrigin(&requestURL, parsedOrigin) checks the origin including the schema.

As far as I can see there is not mention that the list of trusted origins must drop the schema and this has caused some breakage moving to 1.7.3.

Expected Behavior

The !slices.Contains(cs.opts.TrustedOrigins, parsedOrigin.Host) would compare the full parsedOrigin against the trusted origins. For example, !slices.Contains(cs.opts.TrustedOrigins, parsedOrigin).

Steps To Reproduce

No response

Anything else?

No response