⚡ perf: Optimize CORS exact-origin lookup to O(1)

middleware/cors/cors.go

@@ -1,7 +1,6 @@
 package cors
 
 import (
-	"slices"
 	"strconv"
 	"strings"
 
@@ -53,9 +52,9 @@ func New(config ...Config) fiber.Handler {
 		log.Warn("[CORS] Both 'AllowOrigins' and 'AllowOriginsFunc' have been defined.")
 	}
 
-	// allowOrigins is a slice of strings that contains the allowed origins
+	// allowOrigins is a set of strings that contains the allowed origins
 	// defined in the 'AllowOrigins' configuration.
-	allowOrigins := []string{}
+	allowOrigins := make(map[string]struct{}, len(cfg.AllowOrigins))
 	allowSubOrigins := []subdomain{}
 
 	// Validate and normalize static AllowOrigins
@@ -84,7 +83,7 @@ func New(config ...Config) fiber.Handler {
 			if !isValid {
 				panic("[CORS] Invalid origin format in configuration: " + maskValue(trimmedOrigin))
 			}
-			allowOrigins = append(allowOrigins, normalizedOrigin)
+			allowOrigins[normalizedOrigin] = struct{}{}
 		}
 	}
 
@@ -141,7 +140,7 @@ func New(config ...Config) fiber.Handler {
 			allowOrigin = "*"
 		} else {
 			// Check if the origin is in the list of allowed origins
-			if slices.Contains(allowOrigins, originHeader) {
+			if _, ok := allowOrigins[originHeader]; ok {
 				allowOrigin = originHeaderRaw
 			}
 

middleware/cors/cors_test.go

@@ -101,6 +101,23 @@ func Test_CORS_Preserve_Origin_Case(t *testing.T) {
 	require.Equal(t, origin, string(ctx.Response.Header.Peek(fiber.HeaderAccessControlAllowOrigin)))
 }
 
+func Test_CORS_AllowOrigins_NormalizedExactLookup(t *testing.T) {
+	t.Parallel()
+
+	app := fiber.New()
+	app.Use(New(Config{AllowOrigins: []string{" HTTP://EXAMPLE.COM/ "}}))
+
+	origin := "http://example.com"
+
+	ctx := &fasthttp.RequestCtx{}
+	ctx.Request.Header.SetMethod(fiber.MethodOptions)
+	ctx.Request.Header.Set(fiber.HeaderAccessControlRequestMethod, fiber.MethodGet)
+	ctx.Request.Header.Set(fiber.HeaderOrigin, origin)
+	app.Handler()(ctx)
+
+	require.Equal(t, origin, string(ctx.Response.Header.Peek(fiber.HeaderAccessControlAllowOrigin)))
+}
+
 func testDefaultOrEmptyConfig(t *testing.T, app *fiber.App) {
 	t.Helper()