What parameters can we specify along with it's acceptable options in CORSWithConfig using middleware in Echo Framework Golang custom configuration

huangapple go评论88阅读模式
英文:

What parameters can we specify along with it's acceptable options in CORSWithConfig using middleware in Echo Framework Golang custom configuration

问题

以下是关于在使用Echo框架处理CORS时,使用CORSWithConfig自定义配置的参数及其可接受的值以及如何使用的信息。

在Echo框架中,可以使用CORSWithConfig函数来创建一个自定义的CORS中间件配置。该函数接受一个cors.Config类型的参数,该类型定义了CORS中间件的配置选项。

cors.Config类型的参数包括以下字段:

  • AllowOrigins:允许的源(Origin)列表。可以是具体的域名,也可以是通配符(例如*)。
  • AllowMethods:允许的HTTP方法列表。例如:[]string{"GET", "POST", "PUT"}
  • AllowHeaders:允许的HTTP头列表。例如:[]string{"Content-Type", "Authorization"}
  • ExposeHeaders:暴露给客户端的HTTP头列表。
  • AllowCredentials:是否允许发送身份凭证(如Cookie)。
  • MaxAge:预检请求的最大缓存时间(以秒为单位)。
  • OptionsPassthrough:是否将OPTIONS请求传递给下一个处理程序。

以下是一个示例代码,演示如何使用CORSWithConfig函数创建一个自定义的CORS中间件配置:

import (
	"github.com/labstack/echo/v4"
	"github.com/labstack/echo/v4/middleware"
)

func main() {
	e := echo.New()

	// 创建一个自定义的CORS配置
	corsConfig := middleware.DefaultCORSConfig()
	corsConfig.AllowOrigins = []string{"http://example.com"}
	corsConfig.AllowMethods = []string{echo.GET, echo.POST}
	corsConfig.AllowHeaders = []string{echo.HeaderContentType, echo.HeaderAuthorization}

	// 使用CORS中间件,并传入自定义的配置
	e.Use(middleware.CORSWithConfig(corsConfig))

	// 添加路由和处理程序
	// ...

	// 启动Echo服务器
	e.Start(":8080")
}

以上代码中,我们创建了一个自定义的CORS配置,并将其传递给CORSWithConfig函数。然后,我们使用e.Use方法将CORS中间件添加到Echo实例中。

请根据你的需求修改cors.Config中的字段值,以满足你的CORS需求。

英文:

What are the parameters and their acceptable values, and how to use CORSWithConfig custom configuration in middleware while using echo framework, in golang, to handle CORS.

答案1

得分: 2

实际上,还有许多其他参数。您可以在这里阅读有关它们的信息。

配置

CORSConfig结构体 {
    // Skipper定义一个跳过中间件的函数。
    Skipper Skipper

    // AllowOrigin定义可以访问资源的源列表。
    // 可选。默认值[]string{"*"}。
    AllowOrigins []string `yaml:"allow_origins"`

    // AllowOriginFunc是一个自定义函数,用于验证源。它以源作为参数,如果允许则返回true,否则返回false。如果返回错误,则由处理程序返回。如果设置了此选项,则忽略AllowOrigins。
    // 可选。
    AllowOriginFunc func(origin string) (bool, error) `yaml:"allow_origin_func"`

    // AllowMethods定义在访问资源时允许的方法列表。
    // 这用于响应预检请求。
    // 可选。默认值DefaultCORSConfig.AllowMethods。
    AllowMethods []string `yaml:"allow_methods"`

    // AllowHeaders定义在进行实际请求时可以使用的请求头列表。这是对预检请求的响应。
    // 可选。默认值[]string{}。
    AllowHeaders []string `yaml:"allow_headers"`

    // AllowCredentials指示是否可以在凭据标志为true时公开对请求的响应。
    // 当作为对预检请求的响应的一部分使用时,这指示是否可以使用凭据进行实际请求。
    // 可选。默认值false。
    AllowCredentials bool `yaml:"allow_credentials"`

    // ExposeHeaders定义客户端允许访问的白名单头。
    // 可选。默认值[]string{}。
    ExposeHeaders []string `yaml:"expose_headers"`

    // MaxAge指示预检请求的结果可以缓存多长时间(以秒为单位)。
    // 可选。默认值0。
    MaxAge int `yaml:"max_age"`
}

示例用法

e := echo.New()
e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
    AllowOrigins: []string{"https://labstack.com", "https://labstack.net"},
    AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept},
}))

默认值

DefaultCORSConfig = CORSConfig{
    Skipper:      DefaultSkipper,
    AllowOrigins: []string{"*"},
    AllowMethods: []string{http.MethodGet, http.MethodHead, http.MethodPut, http.MethodPatch, http.MethodPost, http.MethodDelete},
}
英文:

Actually, there are many other parameters. You can read about them here.

<hr>

Configurations

CORSConfig struct {
  // Skipper defines a function to skip middleware.
  Skipper Skipper

  // AllowOrigin defines a list of origins that may access the resource.
  // Optional. Default value []string{&quot;*&quot;}.
  AllowOrigins []string `yaml:&quot;allow_origins&quot;`

  // AllowOriginFunc is a custom function to validate the origin. It takes the
  // origin as an argument and returns true if allowed or false otherwise. If
  // an error is returned, it is returned by the handler. If this option is
  // set, AllowOrigins is ignored.
  // Optional.
  AllowOriginFunc func(origin string) (bool, error) `yaml:&quot;allow_origin_func&quot;`

  // AllowMethods defines a list methods allowed when accessing the resource.
  // This is used in response to a preflight request.
  // Optional. Default value DefaultCORSConfig.AllowMethods.
  AllowMethods []string `yaml:&quot;allow_methods&quot;`

  // AllowHeaders defines a list of request headers that can be used when
  // making the actual request. This is in response to a preflight request.
  // Optional. Default value []string{}.
  AllowHeaders []string `yaml:&quot;allow_headers&quot;`

  // AllowCredentials indicates whether or not the response to the request
  // can be exposed when the credentials flag is true. When used as part of
  // a response to a preflight request, this indicates whether or not the
  // actual request can be made using credentials.
  // Optional. Default value false.
  AllowCredentials bool `yaml:&quot;allow_credentials&quot;`

  // ExposeHeaders defines a whitelist headers that clients are allowed to
  // access.
  // Optional. Default value []string{}.
  ExposeHeaders []string `yaml:&quot;expose_headers&quot;`

  // MaxAge indicates how long (in seconds) the results of a preflight request
  // can be cached.
  // Optional. Default value 0.
  MaxAge int `yaml:&quot;max_age&quot;`
}

<hr>

Example Usage

e := echo.New()
e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
  AllowOrigins: []string{&quot;https://labstack.com&quot;, &quot;https://labstack.net&quot;},
  AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, 
echo.HeaderAccept},
}))

<hr>

Default

DefaultCORSConfig = CORSConfig{
  Skipper:      DefaultSkipper,
  AllowOrigins: []string{&quot;*&quot;},
  AllowMethods: []string{http.MethodGet, http.MethodHead, http.MethodPut, http.MethodPatch, http.MethodPost, http.MethodDelete},
}

答案2

得分: -1

这是一个关于如何使用CORSWithConfig的示例,以及我们可以在AllowHeaders、ExposeHeaders和AllowMethods中使用的所有可能值。

app := echo.New()

app.Use(middleware.CORSWithConfig(middleware.CORSConfig{
    AllowOrigins: []string{"http://127.0.0.1:5173", "wails://wails.localhost:34115", "http://127.0.0.1:5174"},
    // AllowOrigins:     []string{"*"},
    AllowHeaders:     []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept, echo.HeaderAccessControlAllowOrigin, echo.HeaderAccessControlAllowCredentials, echo.HeaderAccessControlAllowHeaders, echo.HeaderAccessControlAllowMethods, echo.HeaderAccessControlExposeHeaders, echo.HeaderAccessControlMaxAge, echo.HeaderAccessControlRequestHeaders, echo.HeaderAccessControlRequestMethod, echo.HeaderAuthorization, echo.HeaderContentLength, echo.HeaderContentSecurityPolicy, echo.HeaderContentType, echo.HeaderCookie, echo.HeaderLastModified, echo.HeaderLocation, echo.HeaderOrigin, echo.HeaderServer, echo.HeaderSetCookie, echo.HeaderStrictTransportSecurity, echo.HeaderUpgrade, echo.HeaderVary, echo.HeaderWWWAuthenticate, echo.HeaderXContentTypeOptions, echo.HeaderXCSRFToken, echo.HeaderXFrameOptions, echo.HeaderXRequestID, echo.HeaderXRequestedWith, echo.HeaderXForwardedFor, echo.HeaderXForwardedProto, echo.HeaderXRealIP, echo.HeaderXCSRFToken},
    AllowCredentials: true,
    // ExposeHeaders:    []string{"*"},
    ExposeHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept, echo.HeaderAccessControlAllowOrigin, echo.HeaderAccessControlAllowCredentials, echo.HeaderAccessControlAllowHeaders, echo.HeaderAccessControlAllowMethods, echo.HeaderAccessControlExposeHeaders, echo.HeaderAccessControlMaxAge, echo.HeaderAccessControlRequestHeaders, echo.HeaderAccessControlRequestMethod, echo.HeaderAuthorization, echo.HeaderContentLength, echo.HeaderContentSecurityPolicy, echo.HeaderContentType, echo.HeaderCookie, echo.HeaderLastModified, echo.HeaderLocation, echo.HeaderOrigin, echo.HeaderServer, echo.HeaderSetCookie, echo.HeaderStrictTransportSecurity, echo.HeaderUpgrade, echo.HeaderVary, echo.HeaderWWWAuthenticate, echo.HeaderXContentTypeOptions, echo.HeaderXCSRFToken, echo.HeaderXFrameOptions, echo.HeaderXRequestID, echo.HeaderXRequestedWith, echo.HeaderXForwardedFor, echo.HeaderXForwardedProto, echo.HeaderXRealIP, echo.HeaderXCSRFToken, "X-User-Id", "X-User-Email", "X-User-Name", "X-User-Role", "X-User-Permissions", "X-User-Groups", "X-User-Scopes", "X-User-Sub", "X-Set-Cookie", "X-Set-Cookie-Expires", "X-Set-Cookie-Max-Age", "X-Set-Cookie-Path", "X-Set-Cookie-Domain", "X-Set-Cookie-Secure", "X-Set-Cookie-HttpOnly", "X-Set-Cookie-SameSite", "X-Set-Cookie-Raw"},
    AllowMethods:  []string{echo.GET, echo.HEAD, echo.PUT, echo.PATCH, echo.POST, echo.DELETE},
}))

希望对你有帮助!

英文:

Here's a sample on how we can use CORSWithConfig
and all the possible values we can use with AllowHeaders, ExposeHeaders, and AllowMethods.

app := echo.New()
app.Use(middleware.CORSWithConfig(middleware.CORSConfig{
AllowOrigins: []string{&quot;http://127.0.0.1:5173&quot;, &quot;wails://wails.localhost:34115&quot;, &quot;http://127.0.0.1:5174&quot;},
// AllowOrigins:     []string{&quot;*&quot;},
AllowHeaders:     []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept, echo.HeaderAccessControlAllowOrigin, echo.HeaderAccessControlAllowCredentials, echo.HeaderAccessControlAllowHeaders, echo.HeaderAccessControlAllowMethods, echo.HeaderAccessControlExposeHeaders, echo.HeaderAccessControlMaxAge, echo.HeaderAccessControlRequestHeaders, echo.HeaderAccessControlRequestMethod, echo.HeaderAuthorization, echo.HeaderContentLength, echo.HeaderContentSecurityPolicy, echo.HeaderContentType, echo.HeaderCookie, echo.HeaderLastModified, echo.HeaderLocation, echo.HeaderOrigin, echo.HeaderServer, echo.HeaderSetCookie, echo.HeaderStrictTransportSecurity, echo.HeaderUpgrade, echo.HeaderVary, echo.HeaderWWWAuthenticate, echo.HeaderXContentTypeOptions, echo.HeaderXCSRFToken, echo.HeaderXFrameOptions, echo.HeaderXRequestID, echo.HeaderXRequestedWith, echo.HeaderXForwardedFor, echo.HeaderXForwardedProto, echo.HeaderXRealIP, echo.HeaderXCSRFToken},
AllowCredentials: true,
// ExposeHeaders:    []string{&quot;*&quot;},
ExposeHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept, echo.HeaderAccessControlAllowOrigin, echo.HeaderAccessControlAllowCredentials, echo.HeaderAccessControlAllowHeaders, echo.HeaderAccessControlAllowMethods, echo.HeaderAccessControlExposeHeaders, echo.HeaderAccessControlMaxAge, echo.HeaderAccessControlRequestHeaders, echo.HeaderAccessControlRequestMethod, echo.HeaderAuthorization, echo.HeaderContentLength, echo.HeaderContentSecurityPolicy, echo.HeaderContentType, echo.HeaderCookie, echo.HeaderLastModified, echo.HeaderLocation, echo.HeaderOrigin, echo.HeaderServer, echo.HeaderSetCookie, echo.HeaderStrictTransportSecurity, echo.HeaderUpgrade, echo.HeaderVary, echo.HeaderWWWAuthenticate, echo.HeaderXContentTypeOptions, echo.HeaderXCSRFToken, echo.HeaderXFrameOptions, echo.HeaderXRequestID, echo.HeaderXRequestedWith, echo.HeaderXForwardedFor, echo.HeaderXForwardedProto, echo.HeaderXRealIP, echo.HeaderXCSRFToken, &quot;X-User-Id&quot;, &quot;X-User-Email&quot;, &quot;X-User-Name&quot;, &quot;X-User-Role&quot;, &quot;X-User-Permissions&quot;, &quot;X-User-Groups&quot;, &quot;X-User-Scopes&quot;, &quot;X-User-Sub&quot;, &quot;X-Set-Cookie&quot;, &quot;X-Set-Cookie-Expires&quot;, &quot;X-Set-Cookie-Max-Age&quot;, &quot;X-Set-Cookie-Path&quot;, &quot;X-Set-Cookie-Domain&quot;, &quot;X-Set-Cookie-Secure&quot;, &quot;X-Set-Cookie-HttpOnly&quot;, &quot;X-Set-Cookie-SameSite&quot;, &quot;X-Set-Cookie-Raw&quot;},
AllowMethods:  []string{echo.GET, echo.HEAD, echo.PUT, echo.PATCH, echo.POST, echo.DELETE},
}))

huangapple
  • 本文由 发表于 2023年6月27日 00:07:20
  • 转载请务必保留本文链接:https://go.coder-hub.com/76558428.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定