What parameters can we specify, along with their acceptable options, in CORSWithConfig using middleware in Echo Framework Golang custom configuration


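Question

The following covers the parameters of a CORSWithConfig custom configuration, their acceptable values, and how to use them when handling CORS with the Echo framework.

In the Echo framework, the CORSWithConfig function can be used to create a custom CORS middleware configuration. The function accepts a parameter of type cors.Config, which defines the configuration options of the CORS middleware.

The cors.Config parameter includes the following fields:

  • AllowOrigins: the list of allowed origins. An entry can be a specific domain or a wildcard (for example *).
  • AllowMethods: the list of allowed HTTP methods. For example: []string{"GET", "POST", "PUT"}
  • AllowHeaders: the list of allowed HTTP headers. For example: []string{"Content-Type", "Authorization"}
  • ExposeHeaders: the list of HTTP headers exposed to the client.
  • AllowCredentials: whether sending credentials (such as cookies) is allowed.
  • MaxAge: the maximum time a preflight request may be cached (in seconds).
  • OptionsPassthrough: whether to pass OPTIONS requests on to the next handler.

The following sample code shows how to use the CORSWithConfig function to create a custom CORS middleware configuration: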

package main

import (
	"github.com/labstack/echo/v4"
	"github.com/labstack/echo/v4/middleware"
)

func main() {
	e := echo.New()

	// Create a custom CORS configuration, starting from the defaults.
	// DefaultCORSConfig is a package-level variable, not a function.
	corsConfig := middleware.DefaultCORSConfig
	corsConfig.AllowOrigins = []string{"http://example.com"}
	corsConfig.AllowMethods = []string{echo.GET, echo.POST}
	corsConfig.AllowHeaders = []string{echo.HeaderContentType, echo.HeaderAuthorization}

	// Use the CORS middleware, passing in the custom configuration
	e.Use(middleware.CORSWithConfig(corsConfig))

	// Add routes and handlers
	// ...

	// Start the Echo server
	e.Logger.Fatal(e.Start(":8080"))
}

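In the code above, we create a custom CORS configuration and pass it to the CORSWithConfig function. We then use the e.Use method to add the CORS middleware to the Echo instance.

Modify the field values in cors.Config according to your needs to meet your CORS requirements.

English:

What are the parameters and their acceptable values, and how do you use the CORSWithConfig custom configuration in middleware, while using the Echo framework in Golang, to handle CORS?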

Answer 1

Score: 2

Actually, there are many other parameters. You can read about them here.

Configurations

type CORSConfig struct {
  // Skipper defines a function to skip middleware.
  Skipper Skipper

  // AllowOrigin defines a list of origins that may access the resource.
  // Optional. Default value []string{"*"}.
  AllowOrigins []string `yaml:"allow_origins"`

  // AllowOriginFunc is a custom function to validate the origin. It takes the
  // origin as an argument and returns true if allowed or false otherwise. If
  // an error is returned, it is returned by the handler. If this option is
  // set, AllowOrigins is ignored.
  // Optional.
  AllowOriginFunc func(origin string) (bool, error) `yaml:"allow_origin_func"`

  // AllowMethods defines a list of methods allowed when accessing the resource.
  // This is used in response to a preflight request.
  // Optional. Default value DefaultCORSConfig.AllowMethods.
  AllowMethods []string `yaml:"allow_methods"`

  // AllowHeaders defines a list of request headers that can be used when
  // making the actual request. This is in response to a preflight request.
  // Optional. Default value []string{}.
  AllowHeaders []string `yaml:"allow_headers"`

  // AllowCredentials indicates whether or not the response to the request
  // can be exposed when the credentials flag is true. When used as part of
  // a response to a preflight request, this indicates whether or not the
  // actual request can be made using credentials.
  // Optional. Default value false.
  AllowCredentials bool `yaml:"allow_credentials"`

  // ExposeHeaders defines a whitelist of headers that clients are allowed to
  // access.
  // Optional. Default value []string{}.
  ExposeHeaders []string `yaml:"expose_headers"`

  // MaxAge indicates how long (in seconds) the results of a preflight request
  // can be cached.
  // Optional. Default value 0.
  MaxAge int `yaml:"max_age"`
}

Example Usage

e := echo.New()
e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
  AllowOrigins: []string{"https://labstack.com", "https://labstack.net"},
  AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept},
}))

Default

var DefaultCORSConfig = CORSConfig{
  Skipper:      DefaultSkipper,
  AllowOrigins: []string{"*"},
  AllowMethods: []string{http.MethodGet, http.MethodHead, http.MethodPut, http.MethodPatch, http.MethodPost, http.MethodDelete},
}
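
The AllowOriginFunc field listed in the configuration above takes a func(origin string) (bool, error) and, when set, replaces AllowOrigins. As an added example (not part of the original answer and not Echo's own code), here is a standard-library-only validator with that signature that matches scheme, host and port exactly; newOriginValidator is a hypothetical helper and the sample origins are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// newOriginValidator (hypothetical helper) returns a function with the
// signature listed for CORSConfig.AllowOriginFunc: func(string) (bool, error).
// allowed holds exact origins in the form scheme://host[:port].
func newOriginValidator(allowed ...string) func(origin string) (bool, error) {
	set := make(map[string]struct{}, len(allowed))
	for _, a := range allowed {
		set[strings.ToLower(a)] = struct{}{}
	}
	return func(origin string) (bool, error) {
		u, err := url.Parse(origin)
		if err != nil {
			// Surfaced to the caller; per the field docs the handler returns it.
			return false, fmt.Errorf("malformed origin %q: %w", origin, err)
		}
		// An origin is scheme + host + optional port and nothing else.
		if u.Scheme == "" || u.Host == "" || u.User != nil ||
			u.Path != "" || u.RawQuery != "" || u.Fragment != "" {
			return false, nil
		}
		// Exact comparison only: no prefix, suffix or substring matching.
		_, ok := set[strings.ToLower(u.Scheme+"://"+u.Host)]
		return ok, nil
	}
}

func main() {
	allow := newOriginValidator("https://labstack.com", "https://labstack.net")
	// Constructed sample Origin header values.
	for _, o := range []string{
		"https://labstack.com",
		"http://labstack.com",
		"https://labstack.com.attacker.example",
		"https://labstack.com:8443",
		"null",
	} {
		ok, err := allow(o)
		fmt.Printf("%-40s allowed=%v err=%v\n", o, ok, err)
	}
}
```

The returned function can be assigned to the AllowOriginFunc field of middleware.CORSConfig; only the two listed origins pass, while scheme, port and look-alike host variations are denied.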

Answer 2

Score: -1

Here's a sample on how we can use CORSWithConfig and all the possible values we can use with AllowHeaders, ExposeHeaders, and AllowMethods.

app := echo.New()
app.Use(middleware.CORSWithConfig(middleware.CORSConfig{
    AllowOrigins: []string{"http://127.0.0.1:5173", "wails://wails.localhost:34115", "http://127.0.0.1:5174"},
    // AllowOrigins:     []string{"*"},
    AllowHeaders: []string{
        echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept,
        echo.HeaderAccessControlAllowOrigin, echo.HeaderAccessControlAllowCredentials,
        echo.HeaderAccessControlAllowHeaders, echo.HeaderAccessControlAllowMethods,
        echo.HeaderAccessControlExposeHeaders, echo.HeaderAccessControlMaxAge,
        echo.HeaderAccessControlRequestHeaders, echo.HeaderAccessControlRequestMethod,
        echo.HeaderAuthorization, echo.HeaderContentLength, echo.HeaderContentSecurityPolicy,
        echo.HeaderContentType, echo.HeaderCookie, echo.HeaderLastModified,
        echo.HeaderLocation, echo.HeaderOrigin, echo.HeaderServer, echo.HeaderSetCookie,
        echo.HeaderStrictTransportSecurity, echo.HeaderUpgrade, echo.HeaderVary,
        echo.HeaderWWWAuthenticate, echo.HeaderXContentTypeOptions, echo.HeaderXCSRFToken,
        echo.HeaderXFrameOptions, echo.HeaderXRequestID, echo.HeaderXRequestedWith,
        echo.HeaderXForwardedFor, echo.HeaderXForwardedProto, echo.HeaderXRealIP,
        echo.HeaderXCSRFToken,
    },
    AllowCredentials: true,
    // ExposeHeaders:    []string{"*"},
    ExposeHeaders: []string{
        echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept,
        echo.HeaderAccessControlAllowOrigin, echo.HeaderAccessControlAllowCredentials,
        echo.HeaderAccessControlAllowHeaders, echo.HeaderAccessControlAllowMethods,
        echo.HeaderAccessControlExposeHeaders, echo.HeaderAccessControlMaxAge,
        echo.HeaderAccessControlRequestHeaders, echo.HeaderAccessControlRequestMethod,
        echo.HeaderAuthorization, echo.HeaderContentLength, echo.HeaderContentSecurityPolicy,
        echo.HeaderContentType, echo.HeaderCookie, echo.HeaderLastModified,
        echo.HeaderLocation, echo.HeaderOrigin, echo.HeaderServer, echo.HeaderSetCookie,
        echo.HeaderStrictTransportSecurity, echo.HeaderUpgrade, echo.HeaderVary,
        echo.HeaderWWWAuthenticate, echo.HeaderXContentTypeOptions, echo.HeaderXCSRFToken,
        echo.HeaderXFrameOptions, echo.HeaderXRequestID, echo.HeaderXRequestedWith,
        echo.HeaderXForwardedFor, echo.HeaderXForwardedProto, echo.HeaderXRealIP,
        echo.HeaderXCSRFToken,
        "X-User-Id", "X-User-Email", "X-User-Name", "X-User-Role", "X-User-Permissions",
        "X-User-Groups", "X-User-Scopes", "X-User-Sub",
        "X-Set-Cookie", "X-Set-Cookie-Expires", "X-Set-Cookie-Max-Age", "X-Set-Cookie-Path",
        "X-Set-Cookie-Domain", "X-Set-Cookie-Secure", "X-Set-Cookie-HttpOnly",
        "X-Set-Cookie-SameSite", "X-Set-Cookie-Raw",
    },
    AllowMethods: []string{echo.GET, echo.HEAD, echo.PUT, echo.PATCH, echo.POST, echo.DELETE},
}))

huangapple
  • This article was published on June 27, 2023, 00:07:20
  • When reposting, be sure to keep the link to this article: https://go.coder-hub.com/76558428.html