github gofr-dev/gofr v1.56.0

7 hours ago

Release v1.56.0

🚀 Features

🔹 CORS Multiple Origins Support

GoFr's CORS middleware now supports multiple allowed origins, enabling fine-grained access control for applications serving multiple frontends or admin panels.

  • Comma-Separated Origins: Configure multiple origins via the ACCESS_CONTROL_ALLOW_ORIGIN environment variable
  • Dynamic Origin Matching: On each request, the Origin header is matched against the allowed set and only the matched origin is returned in the response (per HTTP spec)
  • Correct Caching: Adds Vary: Origin header when a specific origin is matched, ensuring proxies and CDNs cache responses correctly
  • Fully Backward-Compatible: Single origin and wildcard (*) work exactly as before

Configuration Example

# Single origin (existing behavior)
ACCESS_CONTROL_ALLOW_ORIGIN=https://app.example.com

# Multiple origins (new)
ACCESS_CONTROL_ALLOW_ORIGIN=https://app.example.com,https://admin.example.com
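
The matching rules listed above, sketched as a standalone net/http middleware. This is an added example and not GoFr's own middleware code: the names parseOrigins, corsMiddleware and probe, and the tolerance for spaces around commas, are assumptions. It compares the Origin header by exact string match, so a look-alike host that merely starts with an allowed origin gets no CORS headers.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// parseOrigins turns a comma-separated allow-list into a set (spaces tolerated: assumption).
func parseOrigins(v string) map[string]bool {
	set := make(map[string]bool)
	for _, o := range strings.FieldsFunc(v, func(r rune) bool { return r == ',' || r == ' ' }) {
		set[o] = true
	}
	return set
}

// corsMiddleware (hypothetical name) echoes the request Origin only on an exact match.
func corsMiddleware(allowed map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		switch {
		case allowed["*"]: // wildcard: same response for every origin, no Vary needed
			w.Header().Set("Access-Control-Allow-Origin", "*")
		case origin != "" && allowed[origin]:
			w.Header().Set("Access-Control-Allow-Origin", origin)
			w.Header().Add("Vary", "Origin") // response now depends on the request Origin
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one request with the given Origin and returns the two CORS-relevant headers.
func probe(cfg, origin string) (allowOrigin, vary string) {
	h := corsMiddleware(parseOrigins(cfg), http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Header().Get("Access-Control-Allow-Origin"), rec.Header().Get("Vary")
}

func main() {
	// Constructed sample origins: one allowed, one look-alike that must be rejected.
	for _, o := range []string{"https://admin.example.com", "https://app.example.com.evil.test"} {
		a, v := probe("https://app.example.com,https://admin.example.com", o)
		fmt.Printf("%s -> ACAO=%q Vary=%q\n", o, a, v)
	}
}
```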

🔧 Enhancements

🔹 Selective Migration Record Tracking

Migrations now only insert gofr_migrations records into databases that were actually used by the UP function, instead of all connected databases. Previously, running a migration that only touched MySQL would still insert migration records into Redis, MongoDB, Cassandra, and every other connected database — leading to phantom records, wasted I/O, and a misleading audit trail. Each datasource is now wrapped with lightweight usage-tracking before UP() executes, and only touched databases receive the migration record.

🛠️ Fixes

  • WebSocket Nil Pointer Panic — Fixed a nil pointer dereference in WriteMessageToSocket when no WebSocket connection exists in the context. It now returns ErrConnectionNotFound instead of panicking.

  • File Logger Descriptor Leak: NewFileLogger() opens a file via os.OpenFile but previously had no way to close it, causing file descriptor leaks. Added a Close() method to the logger, which is now called during App.Shutdown() (HTTP/gRPC) and after cmd.Run() (CLI apps). Fatal/Fatalf also now call file.Sync() before exiting to flush buffered log data.

  • Cron Job Duration Log Format — Fixed %!s(float64=...) in cron job completion logs by keeping duration as time.Duration instead of converting to float64. Logs now show human-readable durations (e.g., 25.071286ms instead of %!s(float64=0.025071286)).

  • UpdateOne Breaking Change Reverted — Reverted the Mongo interface's UpdateOne return type from (int64, error) back to error, fixing a breaking change introduced in v1.55.0. The migration lock refresh now uses UpdateMany (which already returns the needed ModifiedCount) with a filter that guarantees at most one document matches.

  • Dependency Updates — Consolidated minor dependency updates and bumped github.com/go-jose/go-jose/v4 for security improvements.
