英文:
Enable CORS in Golang callback function
问题
我有一个调用Google oAuth2 API的AJAX请求,代码如下:
$(document).on('click', '#signup', function() {
var OAUTHURL = 'https://accounts.google.com/o/oauth2/auth?';
var SCOPE = 'email profile';
var STATE = 'profile';
var REDIRECT_URI = 'https://localhost:8080/callback';
var RESPONSE_TYPE = 'token';
var CLIENT_ID = '554886359117-8icq0dc9halr8rjd6bdtqcmagrdql9lr.apps.googleusercontent.com';
var _url = OAUTHURL + 'scope=' + SCOPE + '&state=' + STATE + '&redirect_uri=' + REDIRECT_URI + '&response_type=' + RESPONSE_TYPE + '&client_id=' + CLIENT_ID;
$.ajax({
type: "POST",
dataType: "text",
url: _url,
success: function(response)
{
console.log(response.url);
},
error: function(error)
{
console.log("ERROR: ", error);
}
});
});
这段代码应该会重定向到运行在 http://localhost/callback 上的服务器。
重定向URI:http://localhost:8080/callback
JavaScript来源:http://localhost:8080
我还定义了以下回调函数:
func init() {
r := mux.NewRouter()
r.HandleFunc("/", rootHandler)
r.HandleFunc("/callback", callbackHandler)
http.Handle("/", r)
}
func callbackHandler(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, "我从服务器返回了!"+time.Now().Format("Mon, 02 Jan 2006 15:04:05 MST"))
}
在调试模式下一切看起来都很好,但是我从Google的API那里得到了以下错误:
XMLHttpRequest无法加载 https://accounts.google.com/o/oauth2/auth?scope=email%20profile&state=profi…d=554886359117-8icq0dc9halr8rjd6bdtqcmagrdql9lr.apps.googleusercontent.com。请求的资源上没有 'Access-Control-Allow-Origin' 标头。因此,不允许访问来自 'http://localhost:8080' 的资源。
我已经做了一些调整,但是似乎找不到解决方法。对此有什么想法吗?
英文:
I have an AJAX call to Google's oAuth2 api looks like this:
$(document).on('click', '#signup', function() {
var OAUTHURL = 'https://accounts.google.com/o/oauth2/auth?';
var SCOPE = 'email profile';
var STATE = 'profile';
var REDIRECT_URI = 'https://localhost:8080/callback';
var RESPONSE_TYPE = 'token';
var CLIENT_ID = '554886359117-8icq0dc9halr8rjd6bdtqcmagrdql9lr.apps.googleusercontent.com';
var _url = OAUTHURL + 'scope=' + SCOPE + '&state=' + STATE + '&redirect_uri=' + REDIRECT_URI + '&response_type=' + RESPONSE_TYPE + '&client_id=' + CLIENT_ID;
$.ajax({
type: "POST",
dataType: "text",
url: _url,
success: function(response)
{
console.log(response.url);
},
error: function(error)
{
console.log("ERROR: ", error);
}
});
});
This is supposed to redirect back to the server running on http://localhost/callback.
Redirect URIs: http://localhost:8080/callback
Javascript Origins: http://localhost:8080
I also have the callback function defined as below:
func init() {
r := mux.NewRouter()
r.HandleFunc("/", rootHandler)
r.HandleFunc("/callback", callbackHandler)
http.Handle("/", r)
}
func callbackHandler(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, "I am sent back from the server!"+time.Now().Format("Mon, 02 Jan 2006 15:04:05 MST"))
}
everything looks good in debugging mode, except I get this error back from google's api:
> XMLHttpRequest cannot load
> https://accounts.google.com/o/oauth2/auth?scope=email%20profile&state=profi…d=554886359117-8icq0dc9halr8rjd6bdtqcmagrdql9lr.apps.googleusercontent.com.
> No 'Access-Control-Allow-Origin' header is present on the requested
> resource. Origin 'http://localhost:8080' is therefore not allowed
> access.
I have tweaked a little around but I can't seem to find my way through.
Any thought on this?
答案1
得分: 1
像Not_a_Golfer说的那样,你的后端没有正确设置响应的头部信息。为了处理所有情况下的CORS问题,我创建了这个小的处理程序,它包装了你的路由器,这样你就不必在每个回调函数中手动设置头部信息。
使用方法如下:
import "github.com/heppu/simple-cors"
func init() {
r := mux.NewRouter()
r.HandleFunc("/", rootHandler)
r.HandleFunc("/callback", callbackHandler)
http.Handle("/", cors.CORS(r))
}
func callbackHandler(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, "我从服务器返回了!"+time.Now().Format("Mon, 02 Jan 2006 15:04:05 MST"))
}
英文:
Like Not_a_Golfer said your backend is not setting correct headers to response. To handle CORS problem in every cases I made this little handler that wraps your router so you don't have to manually set headers in every callback.
Use it like this:
import "github.com/heppu/simple-cors"
func init() {
r := mux.NewRouter()
r.HandleFunc("/", rootHandler)
r.HandleFunc("/callback", callbackHandler)
http.Handle("/", cors.CORS(r))
}
func callbackHandler(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, "I am sent back from the server!"+time.Now().Format("Mon, 02 Jan 2006 15:04:05 MST"))
}
答案2
得分: 0
只需将CORS标头添加到您的callbackHandler中:
// 通过命令行标志、环境变量或其他方式使其可配置
var MyServerName = "https://localhost:8080"
func callbackHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Add("Access-Control-Allow-Origin", MyServerName)
fmt.Fprint(w, "我是从服务器发送回来的!"+time.Now().Format("Mon, 02 Jan 2006 15:04:05 MST"))
}
英文:
Just add CORS headers to your callbackHandler:
// make this configurable via command line flags, env var, or something
var MyServerName = "https://localhost:8080"
func callbackHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Add("Access-Control-Allow-Origin", MyServerName)
fmt.Fprint(w, "I am sent back from the server!"+time.Now().Format("Mon, 02 Jan 2006 15:04:05 MST"))
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论