Google app engine CORS授权聚合物和goapp golang
我有一个与goapp服务器交互的聚合物前端。只要我不在头中传递授权令牌,一切正常。这是聚合物侧的代码Google app engine CORS授权聚合物和goapp golang,google-app-engine,go,cors,polymer,Google App Engine,Go,Cors,Polymer,我有一个与goapp服务器交互的聚合物前端。只要我不在头中传递授权令牌,一切正常。这是聚合物侧的代码 <iron-ajax auto url="http://localhost:8080/ephomenotes" handle-as="json" last-response="{{response}}" headers="[[_computeHeader()]]" debounce-duration
<iron-ajax
auto
url="http://localhost:8080/ephomenotes"
handle-as="json"
last-response="{{response}}"
headers="[[_computeHeader()]]"
debounce-duration="300"></iron-ajax>
_computeHeader() {
var token = localStorage.getItem("savedToken");
var obj = {};
obj.Authorization = "Bearer " + token;
return obj;
//return {"Authorization": "Bearer " + token};
}
请注意,我从polymer代码中删除了headers=“[[\u computeHeader()]”,然后它就可以工作了。不过,使用授权令牌时,它会抛出以下错误
无法加载XMLHttpRequest。回应
飞行前请求未通过访问控制检查:否
“Access Control Allow Origin”标头出现在请求的服务器上
资源。因此,不允许使用源“”
进入
请帮助解决此问题
为选项创建了新路由
r.OPTIONS("/ephomenotes", optionsheader)
r.GET("/ephomenotes", env.EPHomePage)
这是新功能
func optionsheader(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
w.Header().Set("Access-Control-Allow-Credentials", "true")
if origin := r.Header.Get("Origin"); origin != "" {
w.Header().Set("Access-Control-Allow-Origin", origin)
}
w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
// w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
}
但是我不确定,为什么这个能起作用
func optionsheader(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
w.Header().Set("Access-Control-Allow-Credentials", "true")
if origin := r.Header.Get("Origin"); origin != "" {
w.Header().Set("Access-Control-Allow-Origin", origin)
}
w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
// w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
}