dongxie8856 2017-04-05 13:20
浏览 495


I'm facing some issue with my implementation. I have a backend written in Golang and the UI (in Angular2) which are on the same server.

I've tried to set the CORS handling in my backend but it still doesn't work and I'm not getting why.

Here's my code:

package main

import (


var router *mux.Router

func main() {
    router = mux.NewRouter()

    HandleFuncEx("/authentication", handleAuthentication)
    HandleFuncEx("/callA", handleCallA)
    HandleFuncEx("/callB", handleCallB)
    HandleFuncEx("/callC", handleCallC)

    handler := cors.New(cors.Options{
        AllowedOrigins: []string{"*"},
        AllowedMethods: []string{"GET", "POST", "PATCH"},
        AllowedHeaders: []string{"a_custom_header", "content_type"},
    http.ListenAndServe(":8000", handler)


func HandleFuncEx(pattern string, handler func(http.ResponseWriter, *http.Request)) {
    log.Println("handled function", pattern)
    router.HandleFunc(pattern, handler)

The authentication pattern works correctly (is the first called by the UI) all the others calls fails the preflight request. Why is it happening?

Thanks everybody for the help!


This is an example of a non-working response Headers:

HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Date: Fri, 07 Apr 2017 08:33:12 GMT
Content-Length: 0
Content-Type: text/plain; charset=utf-8

And these are request's headers:

OPTIONS /users HTTP/1.1
Host: /* Removed by my company policy */
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: /* Removed by my company policy */
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Access-Control-Request-Headers: access_token
Accept: */*
Referer: /* Removed by my company policy */
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,it;q=0.4,la;q=0.2
  • 写回答

3条回答 默认 最新

  • dtkvlj5386 2017-04-07 09:08

    As Adrian pointed out, you need to add the OPTIONS Method to the AllowedMethods array.

    Please also consider to add Accept, Accept-Language and Content-Type to the AllowedHeaders as good practice.

    If you don't want to use the package, you can write a simple CORS decorator middleware on your own like this:

    CORS decorator

    import (
    // CORSRouterDecorator applies CORS headers to a mux.Router
    type CORSRouterDecorator struct {
        R *mux.Router
    // ServeHTTP wraps the HTTP server enabling CORS headers.
    // For more info about CORS, visit
    func (c *CORSRouterDecorator) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
        if origin := req.Header.Get("Origin"); origin != "" {
            rw.Header().Set("Access-Control-Allow-Origin", origin)
            rw.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
            rw.Header().Set("Access-Control-Allow-Headers", "Accept, Accept-Language, Content-Type, YourOwnHeader")
        // Stop here if its Preflighted OPTIONS request
        if req.Method == "OPTIONS" {
        c.R.ServeHTTP(rw, req)

    HTTP server

    r := mux.NewRouter()
    r.Handle("/authentication", handleAuthentication)
    http.Handle("/", &CORSRouterDecorator{r})

    et voilà.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
  • duanhuo3392 2017-04-05 15:09

    I use Negroni as middleware and this code:

    func main() {
        c := cors.New(cors.Options{
            AllowedOrigins: []string{"*"},
            AllowedMethods: []string{"POST", "GET", "OPTIONS", "PUT", "DELETE"},
            AllowedHeaders: []string{"Accept", "content-type", "Content-Length", "Accept-Encoding", "X-CSRF-Token", "Authorization"},
        router := mux.NewRouter()
        router = routers.SetAuthRoute(router)
        apiRoutes := routers.InitRoutes()
        server := negroni.Classic()
        server.Run("" + os.Getenv("PORT"))
  • dqs13465424392 2018-08-24 08:00

    Similar to the other two responses, but I my case my project is hosted on cloud9 so I had a couple of tweaks to do.

    This is the code i added:

        cor := cors.New(cors.Options{
            AllowedOrigins:   []string{"https://*", "", "https://*"},
            AllowedMethods:   []string{"POST", "GET", "OPTIONS", "PUT"},
            AllowedHeaders:   []string{"Accept", "Accept-Language", "Content-Type"},
            AllowCredentials: true,
            Debug:            true,

    I had to add the extra http origin as Safari makes the initial options request using http instead of https.





  • ¥15 怎么根据书上的例子完成这个问题呢?
  • ¥15 ECharts 增加Zoom,整行包括右边的Text一起滑动
  • ¥15 关于网上一个easyx制作的见缝插针小游戏(c++)
  • ¥15 开地址法双散列函数处理碰撞
  • ¥15 想问一下这个是什么情况 虚拟机Linux打不开了
  • ¥15 联通光猫掉注册了怎么重新注册上去
  • ¥15 关于unity开发steamvr程序遇到的问题
  • ¥60 求tc downloader的下载方式
  • ¥15 华为 快捷方式 手电筒 接口
  • ¥15 Qt6.5支不支持Android13开发啊