'CORS problem,using axios,how can this be possible?
I'm using gin to be my backend,and this is my cors middleware code.
func Cors() gin.HandlerFunc {
return func(ctx *gin.Context) {
method := ctx.Request.Method
if method == "OPTIONS" {
ctx.Header("Access-Control-Max-Age", "1728000")
ctx.Header("Access-Control-Allow-Credentials", "true")
ctx.Header("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE,PATCH,OPTIONS")
ctx.Header("Access-Control-Allow-Headers", "Content-Type,Cookie,Authorization,Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Referer,Sec-Fetch-Dest,Accept-Language,Accept-Encoding,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,Pragma,Host,Connection,Cache-Control,Accept-Language,Accept-Encoding,X-Requested-With,X-Forwarded-For,X-Forwarded-Host,X-Forwarded-Proto,X-Forwarded-Port,X-Forwarded-Prefix,X-Real-IP,Accept")
ctx.Header("Access-Control-Allow-Origin", ctx.Request.Header.Get("origin"))
ctx.AbortWithStatus(http.StatusNoContent)
return
}
ctx.Next()
}
}
In the frontend,I'm using the axios to request,and I'm using React to develop my app.
Below is my setting about axios.
const BASE_URL = "http://localhost:8000";
axios.defaults.baseURL = BASE_URL;
axios.defaults.withCredentials = true;
and I abstracted a function to do a POST request
async function post<T = any, D = any>(
url: string,
data?: T,
headers?: AxiosRequestHeaders
): Promise<D> {
const res = await axios.post(url, data, {
headers: headers,
});
if (res.status === 200) return Promise.resolve(res.data);
else return Promise.reject(res.statusText);
}
it's interesting when I requesting on Chrome.
I truly got a Access-Control-Allow-Origin header but it just said I didn't get this header in respond.
It's really weired and I don't know how to do.
Solution 1:[1]
You try this
// CORS - cors enable
func CORS(c *gin.Context) {
c.Header("Content-Type", "application/json")
c.Header("Access-Control-Allow-Origin", "*")
c.Header("Access-Control-Allow-Headers", "*")
c.Header("Access-Control-Allow-Methods", "*")
c.Header("Access-Control-Allow-Credentials", "true")
if c.Request.Method == http.MethodOptions {
c.AbortWithStatus(http.StatusNoContent)
return
}
c.Next()
}
Solution 2:[2]
When different origin,we need always to put Access-Control-Allow-Origin header in responses' headers.And if we Access-Control-Allow-Credentials,this should be put in responses' headers too.
middleware should be changed like below:
func Cors() gin.HandlerFunc {
return func(ctx *gin.Context) {
method := ctx.Request.Method
if method == "OPTIONS" {
ctx.Header("Access-Control-Max-Age", "1728000")
ctx.Header("Access-Control-Allow-Credentials", "true")
ctx.Header("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE,PATCH,OPTIONS")
ctx.Header("Access-Control-Allow-Origin", ctx.Request.Header.Get("origin"))
ctx.Header("Access-Control-Allow-Headers", "Content-Type,Cookie,Authorization,Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Referer,Sec-Fetch-Dest,Accept-Language,Accept-Encoding,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,Pragma,Host,Connection,Cache-Control,Accept-Language,Accept-Encoding,X-Requested-With,X-Forwarded-For,X-Forwarded-Host,X-Forwarded-Proto,X-Forwarded-Port,X-Forwarded-Prefix,X-Real-IP,Accept")
ctx.AbortWithStatus(http.StatusNoContent)
return
}
ctx.Header("Access-Control-Allow-Origin", ctx.Request.Header.Get("origin"))
ctx.Header("Access-Control-Allow-Credentials", "true")
ctx.Next()
}
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Batjargal |
| Solution 2 | SnowWarrior |