Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/visual-studio-2010/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Google app engine CORS授权聚合物和goapp golang_Google App Engine_Go_Cors_Polymer - Fatal编程技术网
Fatal编程技术网

Google app engine CORS授权聚合物和goapp golang

google-app-engine go cors polymer

Google app engine CORS授权聚合物和goapp golang,google-app-engine,go,cors,polymer,Google App Engine,Go,Cors,Polymer,我有一个与goapp服务器交互的聚合物前端。只要我不在头中传递授权令牌,一切正常。这是聚合物侧的代码 <iron-ajax auto url="http://localhost:8080/ephomenotes" handle-as="json" last-response="{{response}}" headers="[[_computeHeader()]]" debounce-duration

我有一个与goapp服务器交互的聚合物前端。只要我不在头中传递授权令牌,一切正常。这是聚合物侧的代码

<iron-ajax
      auto
        url="http://localhost:8080/ephomenotes"
        handle-as="json"
        last-response="{{response}}"
        headers="[[_computeHeader()]]"
        debounce-duration="300"></iron-ajax>

_computeHeader() {
        var token = localStorage.getItem("savedToken");
         var obj = {};
         obj.Authorization = "Bearer " + token;
         return obj;
        //return {"Authorization": "Bearer " + token};
      }
请注意,我从polymer代码中删除了headers=“[[\u computeHeader()]”,然后它就可以工作了。不过,使用授权令牌时,它会抛出以下错误

无法加载XMLHttpRequest。回应 飞行前请求未通过访问控制检查:否 “Access Control Allow Origin”标头出现在请求的服务器上 资源。因此,不允许使用源“” 进入

请帮助解决此问题

为选项创建了新路由

r.OPTIONS("/ephomenotes", optionsheader)
r.GET("/ephomenotes", env.EPHomePage)
这是新功能

func optionsheader(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {

    w.Header().Set("Access-Control-Allow-Credentials", "true")
    if origin := r.Header.Get("Origin"); origin != "" {
        w.Header().Set("Access-Control-Allow-Origin", origin)
    }
    w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
    // w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")

}
但是我不确定,为什么这个能起作用

func optionsheader(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {

    w.Header().Set("Access-Control-Allow-Credentials", "true")
    if origin := r.Header.Get("Origin"); origin != "" {
        w.Header().Set("Access-Control-Allow-Origin", origin)
    }
    w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
    // w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")

}