使用Golang,Revel处理飞行前请求

我使用Golang + Revel框架制作了API应用程序</ p>

现在我试图 从前端应用程序发送由vue.js发出的http请求。 </ p>

但是由于存在cors,PUT方法无法处理。(POST方法现在可以正常工作了)</ p>

我想我们可以在其中设置标头 app / init.go </ code>文件,例如</ p>

  var HeaderFilter = func(c * revel.Controller,fc [] revel.Filter){\  nc.Response.Out.Header()。Add(“ X-Frame-Options”,“ SAMEORIGIN”)
c.Response.Out.Header()。Add(“ X-XSS-Protection”,“ 1; mode = block“)
c.Response.Out.Header()。Add(” X-Content-Type-Options“,” nosniff“)
c.Response.Out.Header()。Add(” Referrer-Policy“,” strict-origin-when-cross-origin“)

//自己添加
c.Response.Out.Header()。Add(” Access-Control-Allow-Headers“,”来源,内容类型 ,Accept“)
c.Response.Out.Header()。Add(” Access-Control-Allow-Origin“,” *“)
c.Response.Out.Header()。Add(” Access-Control-Allow -Method“,” POST,GET,OPTIONS,PUT,DELETE“)
c.Response.Out.Header()。Add(” Content-Type“,” application / json; charset = UTF-8“)
\ nfc [0](c,fc [1:])//执行下一个过滤器阶段。
</ code> </ pre>

但是我仍然得到404错误 或来自API的请求方法显示为 OPTIONS </ code>。 </ p>

如何设置请求标头以使其能够处理每个请求?</ p>
</ div>

展开原文

原文

I made API application with Golang + Revel framework

Now I tried to send http request from front end application, made by vue.js.

But because of cors, PUT method cannot be handled.(POST method worked fine now)

In revel, I thought we can set header in app/init.go file, like this

var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) {
c.Response.Out.Header().Add("X-Frame-Options", "SAMEORIGIN")
c.Response.Out.Header().Add("X-XSS-Protection", "1; mode=block")
c.Response.Out.Header().Add("X-Content-Type-Options", "nosniff")
c.Response.Out.Header().Add("Referrer-Policy", "strict-origin-when-cross-origin")

// Add them by myself
c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Origin, Content-Type, Accept")
c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
c.Response.Out.Header().Add("Access-Control-Allow-Method", "POST, GET, OPTIONS, PUT, DELETE")
c.Response.Out.Header().Add("Content-Type", "application/json; charset=UTF-8")

fc[0](c, fc[1:]) // Execute the next filter stage.

But still I got 404 error from API and request method is shown as OPTIONS.

How can I set request header to enable to handle every requests ?

1个回答

Add a filters before revel.PanicFilter

revel.Filters = []revel.Filter{
        ValidateOrigin,
        revel.PanicFilter,             // Recover from panics and display an error page instead.
        revel.RouterFilter,            // Use the routing table to select the right Action
        revel.FilterConfiguringFilter, // A hook for adding or removing per-Action filters.
        revel.ParamsFilter,            // Parse parameters into Controller.Params.
        IpLimitFilter,
        revel.SessionFilter,           // Restore and write the session cookie.
        revel.FlashFilter,             // Restore and write the flash cookie.
        revel.ValidationFilter,        // Restore kept validation errors and save new ones from cookie.
        revel.I18nFilter,              // Resolve the requested language
        HeaderFilter,
        revel.InterceptorFilter,       // Run interceptors around the action.
        revel.CompressFilter,          // Compress the result.
        revel.BeforeAfterFilter,       // Call the before and after filter functions
        revel.ActionInvoker,           // Invoke the action.
    }

var ValidateOrigin = func(c *revel.Controller, fc []revel.Filter) {
    if c.Request.Method == "OPTIONS" {
        c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
        c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization") //自定义 Header
        c.Response.Out.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
        c.Response.Out.Header().Add("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type")
        c.Response.Out.Header().Add("Access-Control-Allow-Credentials", "true")
        c.Response.SetStatus(http.StatusNoContent)
        // 截取复杂请求下post变成options请求后台处理方法(针对跨域请求检测)
    } else {
        c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Origin, Content-Type, Accept")
        c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
        c.Response.Out.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
        c.Response.Out.Header().Add("Content-Type", "application/json; charset=UTF-8")
        c.Response.Out.Header().Add("X-Frame-Options", "SAMORIGIN")
        c.Response.Out.Header().Add("Vary", "Origin, Access-Control-Request-Method, Access-Control-Request-Headers")

        fc[0](c, fc[1:]) // Execute the next filter stage.
    }
}
...

Because ajax turns a simple request (single post) request into a secondary request, that is, an options request is first sent to determine whether the domain is allowed, and then the real request post is sent to obtain the result.

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问
相关内容推荐