go 1.17
github.com/gin-contrib/cors v1.3.1
github.com/gin-gonic/gin v1.7.7
我在我的子域中运行 gin REST API 服务器。
放在主域的React app用GET方法和POST方法访问API服务器,但是得到cors policy错误
Access to XMLHttpRequest at 'https://<subdomain>.<domain>.xxx/api/v1/users' from origin 'https://<domain>.xxx' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
.
在网上搜索,我发现了同样的问题和一些解决方案,但它们对我的情况不起作用。
所有这些程序都有同样的错误。
package gateway
import (
"log"
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
)
func RunServer() {
r := gin.Default()
r.Use(cors.Default())
api := r.Group("/api")
v1 := api.Group("/v1")
userRouters(v1)
err := r.Run()
if err != nil {
log.Printf("failed to run gateway: %v", err)
}
}
package gateway
import (
"log"
"time"
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
)
func RunServer() {
r := gin.Default()
r.Use(cors.New(cors.Config{
AllowOrigins: []string{"*"},
AllowMethods: []string{"GET", "POST", "PUT", "DELETE"},
AllowHeaders: []string{"Content-Type"},
AllowCredentials: false,
MaxAge: 12 * time.Hour,
}))
api := r.Group("/api")
v1 := api.Group("/v1")
userRouters(v1)
err := r.Run()
if err != nil {
log.Printf("failed to run gateway: %v", err)
}
}
响应标头中缺少 Access-Control-Allow-Origin。 · 第 29 期 · gin-contrib/cors
package gateway
import (
"log"
"github.com/gin-gonic/gin"
)
func CORS() gin.HandlerFunc {
return func(c *gin.Context) {
c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")
if c.Request.Method == "OPTIONS" {
c.AbortWithStatus(204)
return
}
c.Next()
}
}
func RunServer() {
r := gin.Default()
r.Use(CORS())
api := r.Group("/api")
v1 := api.Group("/v1")
userRouters(v1)
err := r.Run()
if err != nil {
log.Printf("failed to run gateway: %v", err)
}
}
> curl 'https://alb.skhole.club/api/v1/authz' \
-X 'OPTIONS' \
-H 'authority: alb.skhole.club' \
-H 'accept: */*' \
-H 'accept-language: ja,en-US;q=0.9,en;q=0.8' \
-H 'access-control-request-headers: content-type' \
-H 'access-control-request-method: POST' \
-H 'cache-control: no-cache' \
-H 'origin: https://skhole.club' \
-H 'pragma: no-cache' \
-H 'referer: https://skhole.club/' \
-H 'sec-fetch-dest: empty' \
-H 'sec-fetch-mode: cors' \
-H 'sec-fetch-site: same-site' \
-H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36' \
--compressed -i
HTTP/2 502
server: awselb/2.0
date: Wed, 05 Apr 2023 04:04:13 GMT
content-type: text/html
content-length: 524
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
诊断此类问题的第一步是直接检查 Chrome DevTools 中的预检请求。
备注:
Disable cache
以防预检响应被缓存。preflight
.下一步是将预检请求复制为
curl
命令(右键单击请求,在上下文菜单中选择Copy
->Copy as cURL
)并直接使用curl
工具测试请求(记住修改命令以添加 -i
选项以打印响应标头)。
您似乎在生产环境中遇到了这个问题,浏览器和您的服务之间的反向代理可能默认阻止了
Access-Control-Allow-Origin
标头。尝试将预检请求直接发送到您的服务,看看是否有什么不同。
顺便说一句,我已经测试了案例 1 并且它有效:
package main
import (
"log"
"net/http/httputil"
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
)
func main() {
r := gin.Default()
r.Use(cors.Default())
api := r.Group("/api")
v1 := api.Group("/v1")
v1.POST("users", func(ctx *gin.Context) {
buf, err := httputil.DumpRequest(ctx.Request, true)
if err != nil {
log.Printf("failed to dump request: %v", err)
return
}
log.Printf("%s", buf)
})
err := r.Run()
if err != nil {
log.Printf("failed to run gateway: %v", err)
}
r.Run()
}
$ curl 'http://localhost:8080/api/v1/users' \
-X 'OPTIONS' \
-H 'Accept: */*' \
-H 'Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7,zh-TW;q=0.6' \
-H 'Access-Control-Request-Headers: content-type' \
-H 'Access-Control-Request-Method: POST' \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
-H 'Origin: http://127.0.0.1:5501' \
-H 'Pragma: no-cache' \
-H 'Referer: http://127.0.0.1:5501/' \
-H 'Sec-Fetch-Dest: empty' \
-H 'Sec-Fetch-Mode: cors' \
-H 'Sec-Fetch-Site: cross-site' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36' \
--compressed -i
HTTP/1.1 204 No Content
Access-Control-Allow-Headers: Origin,Content-Length,Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 43200
Date: Wed, 05 Apr 2023 03:50:06 GMT