Revert back to v4 behavior for group registering implicit 404 handler…#2996
Revert back to v4 behavior for group registering implicit 404 handler…#2996aldas wants to merge 3 commits into
Conversation
…s. This will fix: CORS middleware doesnt automatically handle OPTIONS routes for groups anymore since upgrade to v5
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #2996 +/- ##
==========================================
+ Coverage 93.17% 93.20% +0.02%
==========================================
Files 43 43
Lines 4501 4517 +16
==========================================
+ Hits 4194 4210 +16
- Misses 189 190 +1
+ Partials 118 117 -1 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
|
Did a due-diligence pass on this PR in the context of the v5 group/CORS regression (#2950, and the related #2485/#2517). Notes for whoever reviews: Approach looks right. Registering the catch-all with a CI is effectively green. All test jobs pass (ubuntu/macos/windows × Go 1.25/1.26, One thing worth gating the merge on: v5 removed the implicit group catch-all deliberately, because it could let
If those hold, this looks like the fix to close the loudest v5-upgrade complaint. Happy to help add the regression tests or a migration-guide note (the behavior change still isn't documented in |
|
Followed up on my earlier note with actual tests, and found one concrete thing worth a decision before merge: this PR reintroduces v4's 405-masking. I ran the same scenario (
So the behavior change is faithful to v4 — but it's a regression relative to current v5, which correctly returns 405. Mechanism: the restored group catch-all ( Good news from the same test pass: the route-shadowing concerns I raised earlier are unfounded — concrete sibling routes, root-level routes, and sibling groups all still resolve correctly with the catch-all in place. The 405 case is the only regression. I opened #3003 with these as regression tests (4 of them; all green on
Happy to help with either. Leaning toward (1) if the router can distinguish the two cases. |
Addresses review of the original regression file (PR #3003): its comments described an automatic group catch-all "triggered by middleware" that does not exist on master (v5), so the tests passed for the wrong reason and the no-op middleware was inert. Rewrite to assert v5's actual, verified behavior: - method mismatch on a group route -> 405 with full Allow header - OPTIONS on a registered group route -> 204 with Allow (preflight-relevant) - concrete routes resolve; group prefix does not affect root routes The 405 and OPTIONS tests are real gates: a group-level catch-all (manual or the auto-registration proposed in #2996) masks both as 404, which these tests would then catch. Drops the false premise, the inert middleware, and the in-comment PR reference. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* test: guard group catch-all against 405-masking and route shadowing Adds regression tests around automatic group catch-all (404) route registration. v5 removed that auto-registration; if it is restored (e.g. PR #2996) these tests ensure it does not bring back the issues that motivated the removal: - wrong HTTP method on an existing group route must still return 405 (with Allow header), not be masked to 404 by the catch-all; - the group catch-all must not shadow concrete sibling routes, root routes, or other sibling groups' routes. All four pass on current master (v5). The 405 test fails against the restore-v4-behavior approach in #2996, pinning down that tradeoff. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * test: rewrite group method-handling tests after review Addresses review of the original regression file (PR #3003): its comments described an automatic group catch-all "triggered by middleware" that does not exist on master (v5), so the tests passed for the wrong reason and the no-op middleware was inert. Rewrite to assert v5's actual, verified behavior: - method mismatch on a group route -> 405 with full Allow header - OPTIONS on a registered group route -> 204 with Allow (preflight-relevant) - concrete routes resolve; group prefix does not affect root routes The 405 and OPTIONS tests are real gates: a group-level catch-all (manual or the auto-registration proposed in #2996) masks both as 404, which these tests would then catch. Drops the false premise, the inert middleware, and the in-comment PR reference. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * test: add rewritten group method-handling tests The previous commit recorded only the deletion of the old file; this adds the rewritten suite (group_method_handling_test.go). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * test: add companion test demonstrating group catch-all masking Addresses final review: converts the "verified empirically" comment into an actual test. TestGroupRoute_catchAllMasksMethodHandling registers a group-wide catch-all and asserts it masks both the 405 method-mismatch and the automatic OPTIONS (204) response as 404 — the regression the 405/OPTIONS gate tests guard against. Makes the rationale self-proving in-repo. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2 participants
FIX: #2950
Revert back to v4 behavior for group registering implicit 404 handlers. This will fix: CORS middleware doesnt automatically handle OPTIONS routes for groups anymore since upgrade to v5.
This is a breaking change in
v5. It reverts back tov4behavior.