背景
跨域一般有兩種方法:
- 網絡代理層,如nginx層攔截處理;
- 後端服務處理;
這裏簡單說下Go Gin框架的解決辦法
解決方法
需要在 Gin 中提供了 middleware (中間件) 來處理請求前後的前置和後置邏輯。
中間件文件:
package middleware import ( "github.com/gin-gonic/gin" "net/http" ) func Cors() gin.HandlerFunc { return func(c *gin.Context) { method := c.Request.Method origin := c.Request.Header.Get("Origin") //請求頭部 if origin != "" { //接收客戶端發送的origin (重要!) c.Writer.Header().Set("Access-Control-Allow-Origin", origin) //服務器支持的所有跨域請求的方法 c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE,UPDATE") //允許跨域設置可以返回其他子段,可以自定義字段 c.Header("Access-Control-Allow-Headers", "Authorization, Content-Length, X-CSRF-Token, Token,session") // 允許瀏覽器(客戶端)可以解析的頭部 (重要) c.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers") //設置緩存時間 c.Header("Access-Control-Max-Age", "172800") //允許客戶端傳遞校驗信息比如 cookie (重要) c.Header("Access-Control-Allow-Credentials", "true") // //c.Header("Content-Type", "application/json") } //允許類型校驗 if method == "OPTIONS" { c.Header("Access-Control-Allow-Origin", "*") c.Header("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization") //自定義 Header c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS") c.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type") c.Header("Access-Control-Allow-Credentials", "true") c.AbortWithStatus(http.StatusNoContent) } defer func() { if err := recover(); err != nil { log.Printf("Panic info is: %v", err) } }() c.Next() } }
應用中間件:
package main import( "gin/middleware" "github.com/gin-gonic/gin" ) func main(){ gin.SetMode(gin.ReleaseMode) engine = gin.Default() engine.Use(middleware.Cors()) }