CORS Authorization polymer and goapp golang

Question

I have a Polymer frontend which interacts with a goapp server. Everything works fine as long as I do not pass an authorization token in the header. Here is the code on the Polymer side:

    <iron-ajax
      auto
      url="http://localhost:8080/ephomenotes"
      handle-as="json"
      last-response="{{response}}"
      headers="[[_computeHeader()]]"
      debounce-duration="300"></iron-ajax>

    _computeHeader() {
      var token = localStorage.getItem("savedToken");
      var obj = {};
      obj.Authorization = "Bearer " + token;
      return obj;
      //return {"Authorization": "Bearer " + token};
    }

On the golang server side:

    w.Header().Set("Access-Control-Allow-Credentials", "true")
    if origin := r.Header.Get("Origin"); origin != "" {
        w.Header().Set("Access-Control-Allow-Origin", origin)
    }
    w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
    if r.Method == "OPTIONS" {
        return
    }

Please note, if I remove headers="[[_computeHeader()]]" from the Polymer code then it works. However, with the Authorization token it throws the following error.

> XMLHttpRequest cannot load http://localhost:8080/ephomenotes. Response
> to preflight request doesn't pass access control check: No
> 'Access-Control-Allow-Origin' header is present on the requested
> resource. Origin 'http://localhost:8081' is therefore not allowed
> access.

Please help

Answer 1

Score: 2

Resolved the issue.

Created a new route for options:

    r.OPTIONS("/ephomenotes", optionsheader)
    r.GET("/ephomenotes", env.EPHomePage)

This is the new function.

    func optionsheader(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
        w.Header().Set("Access-Control-Allow-Credentials", "true")
        if origin := r.Header.Get("Origin"); origin != "" {
            w.Header().Set("Access-Control-Allow-Origin", origin)
        }
        w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
        // w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
    }

However, I am not sure why this one worked?
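
An added example, not code from the original post: a request that carries an Authorization header makes the browser send an OPTIONS preflight first, and the preflight response must itself carry the CORS headers, which is what the separate OPTIONS route above supplies. The sketch below handles the preflight and the real request in one net/http wrapper and echoes only allowlisted origins rather than reflecting any Origin. The names `withCORS`, `demoAPI`, `preflight` and the allowlist contents are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Assumed allowlist; the handler on the page reflects any Origin it receives.
var allowedOrigins = map[string]bool{"http://localhost:8081": true}
// withCORS (hypothetical helper) answers the preflight and sets CORS headers on the real request.
func withCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		pre := r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" // preflight
		w.Header().Add("Vary", "Origin") // the response depends on the caller's origin
		if allowedOrigins[origin] {
			w.Header().Set("Access-Control-Allow-Origin", origin)
			if pre {
				w.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONS")
				w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
			}
		}
		if pre {
			w.WriteHeader(http.StatusNoContent)
			return // the wrapped handler never sees the preflight
		}
		next.ServeHTTP(w, r)
	})
}

// demoAPI stands in for the page's GET /ephomenotes handler.
var demoAPI = withCORS(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	fmt.Fprint(w, `{"notes":[]}`)
}))

// preflight replays what a browser sends before a GET with an Authorization header.
func preflight(origin string) http.Header {
	req := httptest.NewRequest(http.MethodOptions, "/ephomenotes", nil)
	req.Header.Set("Origin", origin)
	req.Header.Set("Access-Control-Request-Method", "GET")
	req.Header.Set("Access-Control-Request-Headers", "authorization")
	rec := httptest.NewRecorder()
	demoAPI.ServeHTTP(rec, req)
	return rec.Result().Header
}

func main() {
	fmt.Println(preflight("http://localhost:8081"), preflight("http://other.example"))
}
```

A bearer token sent in the Authorization header only needs to be listed in Access-Control-Allow-Headers; Access-Control-Allow-Credentials matters for cookies and other browser-managed credentials, so it is left out here.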

huangapple
  • Published on May 22, 2017 07:28:02
  • When reposting, please keep the link to this article: https://go.coder-hub.com/44102754.html