stackoom
  简体   繁体   中英

CORS request with golang backend doesn't works

 原文  2017-04-05 13:20:04       http/ go/ cors

Question

I'm facing some issue with my implementation. I have a backend written in Golang and the UI (in Angular2) which are on the same server.

I've tried to set the CORS handling in my backend but it still doesn't work and I'm not getting why.

Here's my code:

package main

import (
    "log"
    "net/http"

    "github.com/gorilla/mux"
    "github.com/rs/cors"
)

var router *mux.Router

func main() {
    router = mux.NewRouter()

    HandleFuncEx("/authentication", handleAuthentication)
    HandleFuncEx("/callA", handleCallA)
    HandleFuncEx("/callB", handleCallB)
    HandleFuncEx("/callC", handleCallC)

    handler := cors.New(cors.Options{
        AllowedOrigins: []string{"*"},
        AllowedMethods: []string{"GET", "POST", "PATCH"},
        AllowedHeaders: []string{"a_custom_header", "content_type"},
    }).Handler(router)
    http.ListenAndServe(":8000", handler)

}

func HandleFuncEx(pattern string, handler func(http.ResponseWriter, *http.Request)) {
    log.Println("handled function", pattern)
    router.HandleFunc(pattern, handler)
}

The authentication pattern works correctly (is the first called by the UI) all the others calls fails the preflight request. Why is it happening?

Thanks everybody for the help!

EDIT:

This is an example of a non-working response Headers:

HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Date: Fri, 07 Apr 2017 08:33:12 GMT
Content-Length: 0
Content-Type: text/plain; charset=utf-8

And these are request's headers:

OPTIONS /users HTTP/1.1
Host: /* Removed by my company policy */
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: /* Removed by my company policy */
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Access-Control-Request-Headers: access_token
Accept: */*
Referer: /* Removed by my company policy */
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,it;q=0.4,la;q=0.2

3 answers

solution1
 5 ACCPTED  2017-04-07 09:08:48

As Adrian pointed out, you need to add the OPTIONS Method to the AllowedMethods array.

Please also consider to add Accept , Accept-Language and Content-Type to the AllowedHeaders as good practice.

If you don't want to use the github.com/rs/cors package, you can write a simple CORS decorator middleware on your own like this:

CORS decorator 

import (
    "net/http"

    "github.com/gorilla/mux"
)

// CORSRouterDecorator applies CORS headers to a mux.Router
type CORSRouterDecorator struct {
    R *mux.Router
}

// ServeHTTP wraps the HTTP server enabling CORS headers.
// For more info about CORS, visit https://www.w3.org/TR/cors/
func (c *CORSRouterDecorator) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
    if origin := req.Header.Get("Origin"); origin != "" {
        rw.Header().Set("Access-Control-Allow-Origin", origin)
        rw.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
        rw.Header().Set("Access-Control-Allow-Headers", "Accept, Accept-Language, Content-Type, YourOwnHeader")
    }
    // Stop here if its Preflighted OPTIONS request
    if req.Method == "OPTIONS" {
        return
    }

    c.R.ServeHTTP(rw, req)
}

HTTP server 

r := mux.NewRouter()
r.Handle("/authentication", handleAuthentication)

http.Handle("/", &CORSRouterDecorator{r})

et voilà.

solution2
 1  2017-04-05 15:09:50

I use Negroni as middleware and this code:

func main() {

    c := cors.New(cors.Options{
        AllowedOrigins: []string{"*"},
        AllowedMethods: []string{"POST", "GET", "OPTIONS", "PUT", "DELETE"},
        AllowedHeaders: []string{"Accept", "content-type", "Content-Length", "Accept-Encoding", "X-CSRF-Token", "Authorization"},
    })

    router := mux.NewRouter()
    router = routers.SetAuthRoute(router)

    apiRoutes := routers.InitRoutes()

    router.PathPrefix("/api").Handler(negroni.New(
        negroni.HandlerFunc(controllers.ValidateTokenMiddleware),
        negroni.Wrap(apiRoutes),
    ))

    server := negroni.Classic()
    server.Use(c)
    server.UseHandler(router)
    server.Run("0.0.0.0:" + os.Getenv("PORT"))
}

solution3
 1  2018-08-24 08:00:57

Similar to the other two responses, but I my case my project is hosted on cloud9 so I had a couple of tweaks to do.

This is the code i added:

    cor := cors.New(cors.Options{
        AllowedOrigins:   []string{"https://*.c9users.io", "http://myapp.c9users.io:8080", "https://*.c9.io"},
        AllowedMethods:   []string{"POST", "GET", "OPTIONS", "PUT"},
        AllowedHeaders:   []string{"Accept", "Accept-Language", "Content-Type"},
        AllowCredentials: true,
        Debug:            true,
    });

I had to add the extra http origin as Safari makes the initial options request using http instead of https.

Sorted.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question POST GWT CORS request works but PUT CORS request doesn't CORS error on axios POST request to backend Axios frontend doesn't seem to pass request parameters to backend Post request works but Put request doesn't in angular 2 Angular HTTP Post using CORS works behind the scene, but doesn't “succeed” Why isn't this a CORS request? Golang http request POST works once Request doesn't work with HttpURLConnection but works with other HTTP client angular http request doesn't work but on postman works HTTP request using cURL works but doesn't work in Python requests
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM