dsyq40772 2018-11-06 01:36
浏览 114

使用Golang,Revel处理飞行前请求

I made API application with Golang + Revel framework

Now I tried to send http request from front end application, made by vue.js.

But because of cors, PUT method cannot be handled.(POST method worked fine now)

In revel, I thought we can set header in app/init.go file, like this

var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) {
c.Response.Out.Header().Add("X-Frame-Options", "SAMEORIGIN")
c.Response.Out.Header().Add("X-XSS-Protection", "1; mode=block")
c.Response.Out.Header().Add("X-Content-Type-Options", "nosniff")
c.Response.Out.Header().Add("Referrer-Policy", "strict-origin-when-cross-origin")

// Add them by myself
c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Origin, Content-Type, Accept")
c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
c.Response.Out.Header().Add("Access-Control-Allow-Method", "POST, GET, OPTIONS, PUT, DELETE")
c.Response.Out.Header().Add("Content-Type", "application/json; charset=UTF-8")

fc[0](c, fc[1:]) // Execute the next filter stage.

But still I got 404 error from API and request method is shown as OPTIONS.

How can I set request header to enable to handle every requests ?

  • 写回答

1条回答 默认 最新

  • doufan1899 2019-02-20 12:05
    关注

    Add a filters before revel.PanicFilter

    revel.Filters = []revel.Filter{
        ValidateOrigin,
        revel.PanicFilter,             // Recover from panics and display an error page instead.
        revel.RouterFilter,            // Use the routing table to select the right Action
        revel.FilterConfiguringFilter, // A hook for adding or removing per-Action filters.
        revel.ParamsFilter,            // Parse parameters into Controller.Params.
        IpLimitFilter,
        revel.SessionFilter,           // Restore and write the session cookie.
        revel.FlashFilter,             // Restore and write the flash cookie.
        revel.ValidationFilter,        // Restore kept validation errors and save new ones from cookie.
        revel.I18nFilter,              // Resolve the requested language
        HeaderFilter,
        revel.InterceptorFilter,       // Run interceptors around the action.
        revel.CompressFilter,          // Compress the result.
        revel.BeforeAfterFilter,       // Call the before and after filter functions
        revel.ActionInvoker,           // Invoke the action.
    }

var ValidateOrigin = func(c *revel.Controller, fc []revel.Filter) {
    if c.Request.Method == "OPTIONS" {
        c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
        c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization") //自定义 Header
        c.Response.Out.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
        c.Response.Out.Header().Add("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type")
        c.Response.Out.Header().Add("Access-Control-Allow-Credentials", "true")
        c.Response.SetStatus(http.StatusNoContent)
        // 截取复杂请求下post变成options请求后台处理方法(针对跨域请求检测)
    } else {
        c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Origin, Content-Type, Accept")
        c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
        c.Response.Out.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
        c.Response.Out.Header().Add("Content-Type", "application/json; charset=UTF-8")
        c.Response.Out.Header().Add("X-Frame-Options", "SAMORIGIN")
        c.Response.Out.Header().Add("Vary", "Origin, Access-Control-Request-Method, Access-Control-Request-Headers")

        fc[0](c, fc[1:]) // Execute the next filter stage.
    }
}
...

    Because ajax turns a simple request (single post) request into a secondary request, that is, an options request is first sent to determine whether the domain is allowed, and then the real request post is sent to obtain the result.

    评论

报告相同问题?

悬赏问题

  • ¥200 关于#c++#的问题,请各位专家解答!
  • ¥50 导入文件到网吧的电脑并且在重启之后不会被恢复
  • ¥15 (希望可以解决问题)ma和mb文件无法正常打开,打开后是空白,但是有正常内存占用,但可以在打开Maya应用程序后打开场景ma和mb格式。
  • ¥15 绘制多分类任务的roc曲线时只画出了一类的roc,其它的auc显示为nan
  • ¥20 ML307A在使用AT命令连接EMQX平台的MQTT时被拒绝
  • ¥20 腾讯企业邮箱邮件可以恢复么
  • ¥15 有人知道怎么将自己的迁移策略布到edgecloudsim上使用吗?
  • ¥15 错误 LNK2001 无法解析的外部符号
  • ¥50 安装pyaudiokits失败
  • ¥15 计组这些题应该咋做呀