CORS Authorization polymer and goapp golang

Question

I have a Polymer frontend which interacts with a goapp server. Everything works fine as long as I do not pass an authorization token in the header. Here is the code on the Polymer side:

<iron-ajax
    auto
    url="http://localhost:8080/ephomenotes"
    handle-as="json"
    last-response="{{response}}"
    headers="[[_computeHeader()]]"
    debounce-duration="300">
</iron-ajax>

_computeHeader() {
    var token = localStorage.getItem("savedToken");
    var obj = {};
    obj.Authorization = "Bearer " + token;
    return obj;
    //return {"Authorization": "Bearer " + token};
}

On the golang server side:

w.Header().Set("Access-Control-Allow-Credentials", "true")
if origin := r.Header.Get("Origin"); origin != "" {
	w.Header().Set("Access-Control-Allow-Origin", origin)
}
w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")

if r.Method == "OPTIONS" {
	return
}

Please note that if I remove headers="[[_computeHeader()]]" from the Polymer code, then it works. However, with the Authorization token it throws the following error.

> XMLHttpRequest cannot load http://localhost:8080/ephomenotes. Response
> to preflight request doesn't pass access control check: No
> 'Access-Control-Allow-Origin' header is present on the requested
> resource. Origin 'http://localhost:8081' is therefore not allowed
> access.

Please help

Answer 1

Score: 2

Resolved the issue.

Created a new route for options:

r.OPTIONS("/ephomenotes", optionsheader)
r.GET("/ephomenotes", env.EPHomePage)

This is the new function.

func optionsheader(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
	w.Header().Set("Access-Control-Allow-Credentials", "true")
	if origin := r.Header.Get("Origin"); origin != "" {
		w.Header().Set("Access-Control-Allow-Origin", origin)
	}
	w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
	// w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
}

However, I am not sure why this one worked.

huangapple
  • Published on May 22, 2017 07:28:02
  • When reposting, please keep the link to this article: https://go.coder-hub.com/44102754.html