I am currently working on a web application (in golang) which will be used as a main portal for other internal applications (running in docker containers). This web application should simply serve a HTML-Page where a navigation bar is at the top and the rest of the page will be an IFrame. On the navigation bar we have multiple links which will change the source of the IFrame. It is important to know that the links on the navigation bar are dynamically created.
I faced really soon the issue that the Iframe couldn't display the other internal applications because of the Same-Origin-Policy which blocks all content. To workaround this, I thought it might be a good idea to implement my own reverse proxy in golang.
package main
import (
"fmt"
"net/http"
"net/http/httputil"
"net/url"
)
func handler(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, "<html><body><iframe src=\"/\" width=\"100%\" height=\"100%\"/></body></html>")
}
func proxyHandle(r *http.Request) {
r.Host = "google.com"
r.URL.Host = r.Host
r.URL.Scheme = "http"
}
func main() {
proxy := httputil.NewSingleHostReverseProxy(&url.URL{
Scheme: "http",
Host: "google.com",
})
proxy.Director = proxyHandle
http.Handle("/", proxy)
http.HandleFunc("/index", handler)
http.ListenAndServe(":8080", nil)
}
I still get the SOP error message. I basically have now two questions:
- Is this the right way to go? Or is there a better way to do this?
- I do not understand what is happening here. In my opinion, the request will be send to my application and then the HTML will be in the response. The browser notices the iframe and requests for "/". This GET-Request arrives at my application and then should be forwarded to google.com. The response should go back to my application and from my application then back to the client. Is this correct?