与Golang、Revel一起处理飞行前请求_Go_Cors_Preflight_Revel

与Golang、Revel一起处理飞行前请求

go cors

与Golang、Revel一起处理飞行前请求,go,cors,preflight,revel,Go,Cors,Preflight,Revel,我用Golang+Revel框架制作了API应用程序现在我尝试从vue.js生成的前端应用程序发送http请求但由于cors，无法处理PUT方法。（POST方法现在运行良好）在revel中，我想我们可以在app/init.go文件中设置头，如下所示 var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) { c.Response.Out.Header().Add("X-Frame-Options", "SAMEORIG

我用Golang+Revel框架制作了API应用程序

现在我尝试从vue.js生成的前端应用程序发送http请求

但由于cors，无法处理PUT方法。（POST方法现在运行良好）

在revel中，我想我们可以在

app/init.go

文件中设置头，如下所示

var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) {
c.Response.Out.Header().Add("X-Frame-Options", "SAMEORIGIN")
c.Response.Out.Header().Add("X-XSS-Protection", "1; mode=block")
c.Response.Out.Header().Add("X-Content-Type-Options", "nosniff")
c.Response.Out.Header().Add("Referrer-Policy", "strict-origin-when-cross-origin")

// Add them by myself
c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Origin, Content-Type, Accept")
c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
c.Response.Out.Header().Add("Access-Control-Allow-Method", "POST, GET, OPTIONS, PUT, DELETE")
c.Response.Out.Header().Add("Content-Type", "application/json; charset=UTF-8")

fc[0](c, fc[1:]) // Execute the next filter stage.

但我仍然从API中得到了404错误，请求方法显示为

OPTIONS

如何设置请求头以允许处理每个请求？

在revel.PanicFilter之前添加一个筛选器

revel.Filters = []revel.Filter{
        ValidateOrigin,
        revel.PanicFilter,             // Recover from panics and display an error page instead.
        revel.RouterFilter,            // Use the routing table to select the right Action
        revel.FilterConfiguringFilter, // A hook for adding or removing per-Action filters.
        revel.ParamsFilter,            // Parse parameters into Controller.Params.
        IpLimitFilter,
        revel.SessionFilter,           // Restore and write the session cookie.
        revel.FlashFilter,             // Restore and write the flash cookie.
        revel.ValidationFilter,        // Restore kept validation errors and save new ones from cookie.
        revel.I18nFilter,              // Resolve the requested language
        HeaderFilter,
        revel.InterceptorFilter,       // Run interceptors around the action.
        revel.CompressFilter,          // Compress the result.
        revel.BeforeAfterFilter,       // Call the before and after filter functions
        revel.ActionInvoker,           // Invoke the action.
    }

var ValidateOrigin = func(c *revel.Controller, fc []revel.Filter) {
    if c.Request.Method == "OPTIONS" {
        c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
        c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization") //自定义 Header
        c.Response.Out.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
        c.Response.Out.Header().Add("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type")
        c.Response.Out.Header().Add("Access-Control-Allow-Credentials", "true")
        c.Response.SetStatus(http.StatusNoContent)
        // 截取复杂请求下post变成options请求后台处理方法(针对跨域请求检测)
    } else {
        c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Origin, Content-Type, Accept")
        c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
        c.Response.Out.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
        c.Response.Out.Header().Add("Content-Type", "application/json; charset=UTF-8")
        c.Response.Out.Header().Add("X-Frame-Options", "SAMORIGIN")
        c.Response.Out.Header().Add("Vary", "Origin, Access-Control-Request-Method, Access-Control-Request-Headers")

        fc[0](c, fc[1:]) // Execute the next filter stage.
    }
}
...

因为ajax将一个简单的请求（单post）转换为一个辅助请求，也就是说，首先发送一个选项请求以确定域是否被允许，然后发送真正的请求post以获得结果