在Golang回调函数中启用CORS(跨域资源共享)

huangapple go评论92阅读模式
英文:

Enable CORS in Golang callback function

问题

我有一个调用Google oAuth2 API的AJAX请求,代码如下:

$(document).on('click', '#signup', function() {
  var OAUTHURL        =  'https://accounts.google.com/o/oauth2/auth?';
  var SCOPE           =   'email profile';
  var STATE           =   'profile';
  var REDIRECT_URI    =   'https://localhost:8080/callback';
  var RESPONSE_TYPE   =   'token';
  var CLIENT_ID       =   '554886359117-8icq0dc9halr8rjd6bdtqcmagrdql9lr.apps.googleusercontent.com';
  var _url            =    OAUTHURL + 'scope=' + SCOPE + '&state=' + STATE + '&redirect_uri=' + REDIRECT_URI + '&response_type=' + RESPONSE_TYPE + '&client_id=' + CLIENT_ID;
  $.ajax({
    type: "POST",
    dataType: "text",
    url: _url,
    success: function(response)
    {
      console.log(response.url);
    },
    error: function(error)
    {
      console.log("ERROR: ", error);
    }
  });
});

这段代码应该会重定向到运行在 http://localhost/callback 上的服务器。

重定向URI:http://localhost:8080/callback
JavaScript来源:http://localhost:8080

我还定义了以下回调函数:

func init() {
  r := mux.NewRouter()

  r.HandleFunc("/", rootHandler)
  r.HandleFunc("/callback", callbackHandler)
  http.Handle("/", r)
}
func callbackHandler(w http.ResponseWriter, r *http.Request) {
  fmt.Fprint(w, "我从服务器返回了!"+time.Now().Format("Mon, 02 Jan 2006 15:04:05 MST"))
}

在调试模式下一切看起来都很好,但是我从Google的API那里得到了以下错误:

XMLHttpRequest无法加载 https://accounts.google.com/o/oauth2/auth?scope=email%20profile&state=profi…d=554886359117-8icq0dc9halr8rjd6bdtqcmagrdql9lr.apps.googleusercontent.com。请求的资源上没有 'Access-Control-Allow-Origin' 标头。因此,不允许访问来自 'http://localhost:8080' 的资源。

我已经做了一些调整,但是似乎找不到解决方法。对此有什么想法吗?

英文:

I have an AJAX call to Google's oAuth2 api looks like this:

$(document).on('click', '#signup', function() {
  var OAUTHURL        =  'https://accounts.google.com/o/oauth2/auth?';
  var SCOPE           =   'email profile';
  var STATE 		  =   'profile';
  var REDIRECT_URI    =   'https://localhost:8080/callback';
  var RESPONSE_TYPE   =   'token';
  var CLIENT_ID       =   '554886359117-8icq0dc9halr8rjd6bdtqcmagrdql9lr.apps.googleusercontent.com';
  var _url            =    OAUTHURL + 'scope=' + SCOPE + '&state=' + STATE + '&redirect_uri=' + REDIRECT_URI + '&response_type=' + RESPONSE_TYPE + '&client_id=' + CLIENT_ID;
  $.ajax({
  	type: "POST",
  	dataType: "text",
  	url: _url,
  	success: function(response)
  	{
  		console.log(response.url);
  	},
  	error: function(error)
  	{
  		console.log("ERROR: ", error);
  	}
  });
});

This is supposed to redirect back to the server running on http://localhost/callback.

Redirect URIs:	http://localhost:8080/callback
Javascript Origins:	http://localhost:8080

I also have the callback function defined as below:

func init() {
	r := mux.NewRouter()

	r.HandleFunc("/", rootHandler)
	r.HandleFunc("/callback", callbackHandler)
	http.Handle("/", r)
}
func callbackHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Fprint(w, "I am sent back from the server!"+time.Now().Format("Mon, 02 Jan 2006 15:04:05 MST"))
}

everything looks good in debugging mode, except I get this error back from google's api:

> XMLHttpRequest cannot load
> https://accounts.google.com/o/oauth2/auth?scope=email%20profile&state=profi…d=554886359117-8icq0dc9halr8rjd6bdtqcmagrdql9lr.apps.googleusercontent.com.
> No 'Access-Control-Allow-Origin' header is present on the requested
> resource. Origin 'http://localhost:8080' is therefore not allowed
> access.

I have tweaked a little around but I can't seem to find my way through.
Any thought on this?

答案1

得分: 1

像Not_a_Golfer说的那样,你的后端没有正确设置响应的头部信息。为了处理所有情况下的CORS问题,我创建了这个小的处理程序,它包装了你的路由器,这样你就不必在每个回调函数中手动设置头部信息。

使用方法如下:

import "github.com/heppu/simple-cors"

func init() {
    r := mux.NewRouter()
    r.HandleFunc("/", rootHandler)
    r.HandleFunc("/callback", callbackHandler)
    http.Handle("/", cors.CORS(r))
}

func callbackHandler(w http.ResponseWriter, r *http.Request) {
    fmt.Fprint(w, "我从服务器返回了!"+time.Now().Format("Mon, 02 Jan 2006 15:04:05 MST"))
}
英文:

Like Not_a_Golfer said your backend is not setting correct headers to response. To handle CORS problem in every cases I made this little handler that wraps your router so you don't have to manually set headers in every callback.

Use it like this:

import "github.com/heppu/simple-cors"

func init() {
    r := mux.NewRouter()
    r.HandleFunc("/", rootHandler)
    r.HandleFunc("/callback", callbackHandler)
    http.Handle("/", cors.CORS(r))
}
func callbackHandler(w http.ResponseWriter, r *http.Request) {
    fmt.Fprint(w, "I am sent back from the server!"+time.Now().Format("Mon, 02 Jan 2006 15:04:05 MST"))
}

答案2

得分: 0

只需将CORS标头添加到您的callbackHandler中:

// 通过命令行标志、环境变量或其他方式使其可配置
var MyServerName = "https://localhost:8080"

func callbackHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Add("Access-Control-Allow-Origin", MyServerName)

fmt.Fprint(w, "我是从服务器发送回来的!"+time.Now().Format("Mon, 02 Jan 2006 15:04:05 MST"))

}

英文:

Just add CORS headers to your callbackHandler:

// make this configurable via command line flags, env var, or something
var MyServerName = "https://localhost:8080" 

func callbackHandler(w http.ResponseWriter, r *http.Request) {
    w.Header().Add("Access-Control-Allow-Origin", MyServerName)

    fmt.Fprint(w, "I am sent back from the server!"+time.Now().Format("Mon, 02 Jan 2006 15:04:05 MST"))
}

huangapple
  • 本文由 发表于 2015年4月2日 16:34:47
  • 转载请务必保留本文链接:https://go.coder-hub.com/29408491.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定