dongxie8856 2017-04-05 13:20
浏览 495
已采纳

带有golang后端的CORS请求不起作用

I'm facing some issue with my implementation. I have a backend written in Golang and the UI (in Angular2) which are on the same server.

I've tried to set the CORS handling in my backend but it still doesn't work and I'm not getting why.

Here's my code:

package main

import (
    "log"
    "net/http"

    "github.com/gorilla/mux"
    "github.com/rs/cors"
)

var router *mux.Router

func main() {
    router = mux.NewRouter()

    HandleFuncEx("/authentication", handleAuthentication)
    HandleFuncEx("/callA", handleCallA)
    HandleFuncEx("/callB", handleCallB)
    HandleFuncEx("/callC", handleCallC)

    handler := cors.New(cors.Options{
        AllowedOrigins: []string{"*"},
        AllowedMethods: []string{"GET", "POST", "PATCH"},
        AllowedHeaders: []string{"a_custom_header", "content_type"},
    }).Handler(router)
    http.ListenAndServe(":8000", handler)

}

func HandleFuncEx(pattern string, handler func(http.ResponseWriter, *http.Request)) {
    log.Println("handled function", pattern)
    router.HandleFunc(pattern, handler)
}

The authentication pattern works correctly (is the first called by the UI) all the others calls fails the preflight request. Why is it happening?

Thanks everybody for the help!

EDIT:

This is an example of a non-working response Headers:

HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Date: Fri, 07 Apr 2017 08:33:12 GMT
Content-Length: 0
Content-Type: text/plain; charset=utf-8

And these are request's headers:

OPTIONS /users HTTP/1.1
Host: /* Removed by my company policy */
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: /* Removed by my company policy */
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Access-Control-Request-Headers: access_token
Accept: */*
Referer: /* Removed by my company policy */
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,it;q=0.4,la;q=0.2
  • 写回答

3条回答 默认 最新

  • dtkvlj5386 2017-04-07 09:08
    关注

    As Adrian pointed out, you need to add the OPTIONS Method to the AllowedMethods array.

    Please also consider to add Accept, Accept-Language and Content-Type to the AllowedHeaders as good practice.

    If you don't want to use the github.com/rs/cors package, you can write a simple CORS decorator middleware on your own like this:

    CORS decorator

    import (
    "net/http"

    "github.com/gorilla/mux"
)

// CORSRouterDecorator applies CORS headers to a mux.Router
type CORSRouterDecorator struct {
    R *mux.Router
}

// ServeHTTP wraps the HTTP server enabling CORS headers.
// For more info about CORS, visit https://www.w3.org/TR/cors/
func (c *CORSRouterDecorator) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
    if origin := req.Header.Get("Origin"); origin != "" {
        rw.Header().Set("Access-Control-Allow-Origin", origin)
        rw.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
        rw.Header().Set("Access-Control-Allow-Headers", "Accept, Accept-Language, Content-Type, YourOwnHeader")
    }
    // Stop here if its Preflighted OPTIONS request
    if req.Method == "OPTIONS" {
        return
    }

    c.R.ServeHTTP(rw, req)
}

    HTTP server

    r := mux.NewRouter()
r.Handle("/authentication", handleAuthentication)

http.Handle("/", &CORSRouterDecorator{r})

    et voilà.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥20 蓝牙耳机怎么查看日志
  • ¥15 Fluent齿轮搅油
  • ¥15 八爪鱼爬数据为什么自己停了
  • ¥15 交替优化波束形成和ris反射角使保密速率最大化
  • ¥15 树莓派与pix飞控通信
  • ¥15 自动转发微信群信息到另外一个微信群
  • ¥15 outlook无法配置成功
  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏