英文:
Update: Send the origin header with js websockets
问题
我一直在使用Go语言中的gorilla-websocket进行尝试,当我实现基本的回声示例时,在部署服务器后记录了一个错误:
未找到Origin
Websocket版本!= 13
我找到了一种绕过此问题的方法,即使是检查Origin的函数始终返回true
var wsUpgrader = websocket.Upgrader{
ReadBufferSize: 1024,
WriteBufferSize: 1024,
CheckOrigin: func(r *http.Request) bool {
return true
},
}
但这样做感觉不对。因此,我正在寻找解决这个问题的方法。
更新:再次查看问题后,似乎我实际上是要在客户端实现中添加Origin标头,这是JavaScript WebSocket实现。
@benjic
我通过一个JavaScript的HTML5应用程序连接到WebSocket,该应用程序不托管在同一服务器上,而是由我在Chrome上本地运行。
那么我该如何做呢?
英文:
I've been playing around with gorilla-websocket in Go, and as I implemented the basic echo example, I logged an error after deploying the server,
> Origin is not found
> Websocket version != 13
I found a way to bypass this by making the function that checks the origin always return true
var wsUpgrader = websocket.Upgrader{
ReadBufferSize: 1024,
WriteBufferSize: 1024,
CheckOrigin: func(r *http.Request) bool {
return true
},
}
But it doesn't feel right. Therefore, I am looking for a way to fix that issue.
Update: After having another look at the issue it seems like I'm actually looking to add the origin header to the client implementation which is the javascript websocket implementation
@benjic
Im connecting to the websocket via a javascript html5 application that isn't hosted on the same server but is run locally by me via chrome
So how do I do that.
答案1
得分: 5
通过阅读Gorilla WebSocket文档,可以得知当在Upgrader类型的CheckOrigin字段中提供了一个nil值时,会使用一个安全的默认值。默认值会检查传入请求的Origin字段和Host头部的值是否相等,然后才允许该请求。文档指出,浏览器不会强制执行跨域有效性,这是服务器应用程序的责任。你可以在Gorilla库的源代码中看到具体的实现方式。
文档和源代码中指出,在websocket包中有一个Upgrade函数,它充当了上面你示例代码中的一个工厂函数。这个工厂函数接受一个自定义的缓冲区大小,并覆盖了CheckOrigin函数,使其始终返回true。你可以在HttpHandler中使用这个工厂函数来升级你的连接。
func webSocketHandler(w http.ResponseWriter, r *http.Request) {
conn, err := websocket.Upgrade(w, r, nil, 1024, 1024)
defer conn.Close()
if err != nil {
http.Error(w, err, http.StatusInternalServerError)
return
}
conn.WriteMessage(websocket.TextMessage, []byte("Hello, world!"))
}
英文:
Reading through the Gorilla WebSocket Documentation indicates that when a nil value is provided for the CheckOrigin field of an Upgrader type a safe default is used. The default checks the Origin field of the incoming request with the Host header value to confirm they are equal before allowing the request. The documentation indicates that browsers do not enforce cross origin validity and it is the responsibility of the server application to enforce. You can see exactly how this is done in the source code for the Gorilla library.
The documentation and source indicate an Upgrade function in the websocket package that acts as a factory for your example code above. The factory function takes a custom buffer size and overrides the CheckOrigin to always return true. Instead of creating a custom Upgrader you can use this factory function in the HttpHandler to upgrade your connections.
func webSocketHandler(w http.ResponseWriter, r *http.Request) {
conn, err := websocket.Upgrade(w, r, nil, 1024, 1024)
defer conn.Close()
if err != nil {
http.Error(w, err, http.StatusInternalServerError)
return
}
conn.WriteMessage(websocket.TextMessage, []byte("Hello, world!"))
}
答案2
得分: 2
将你的HTML部署到服务器上,例如使用nginx或者直接使用node启动。然后在浏览器中获取主机名和端口。
然后在创建Upgrader时允许该地址,例如:
var origins = []string{"http://127.0.0.1:18081", "http://localhost:18081", "http://example.com"}
var _ = websocket.Upgrader{
// 解决跨域问题
CheckOrigin: func(r *http.Request) bool {
var origin = r.Header.Get("origin")
for _, allowOrigin := range origins {
if origin == allowOrigin {
return true
}
}
return false
}}
英文:
Deploy your html to a server, e.g nginx or just use node to start. Then it will get a hostname & port in browser.
Then allow that address when create Upgrader , e.g:
var origins = []string{ "http://127.0.0.1:18081", "http://localhost:18081", "http://example.com"}
var _ = websocket.Upgrader{
// Resolve cross-domain problems
CheckOrigin: func(r *http.Request) bool {
var origin = r.Header.Get("origin")
for _, allowOrigin := range origins {
if origin == allowOrigin {
return true
}
}
return false
}}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论