I am trying to test if I am in domain A, can domain A client send domain B cookie to domain B.
Here is my golang code
package main
import (
"fmt"
"net/http"
"log"
"time"
"encoding/json"
)
func setCookie(w http.ResponseWriter, r *http.Request) {
expiration := time.Now().Add(365 * 24 * time.Hour)
cookie := http.Cookie{Path: "/test_receive_cookie", Name: "test_cors", Value: "test_cors", Expires: expiration}
http.SetCookie(w, &cookie)
fmt.Fprintf(w, "Success")
}
func receiveCookie(w http.ResponseWriter, r *http.Request) {
fmt.Println(r.Cookies())
data := make(map[string]interface{})
for _, cookie := range r.Cookies() {
data[cookie.Name] = cookie.Value
}
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(data)
}
func main() {
http.HandleFunc("/set_cookie", setCookie)
http.HandleFunc("/test_receive_cookie", receiveCookie)
err := http.ListenAndServe(":8012", nil)
if err != nil {
log.Fatal("ListenAndServe: ", err)
}
}
I first hit http://localhost:8012/set_cookie
, then I open a html file containing a javascript using this library
this._xhr.get(
"http://localhost:8012/test_receive_cookie",
{ headers: { "Access-Control-Allow-Origin": "*" }},
function(err, resp) {
console.log(resp);
console.log(err);
});
The following happened
Failed to load http://localhost:8012/test_receive_cookie: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
My server print []
from fmt.Println(r.Cookies())
If I hit http://localhost:8012/test_receive_cookie
I can see the cookie I set gets print out on browser, but when I open a html that calls the endpoint the server will have empty cookie
My questions is how can I pass the cookie back to http://localhost:8012/test_receive_cookie
using client code?
Am I missing some configuration code?
You need your Go server to send the Access-Control-Allow-Origin
headers, the client can't provide them (see CORS ).
If you update your server to add this header, the client will stop throwing an error.
w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.Header().Set("Access-Control-Allow-Origin", "*")
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.