What parameters can we specify along with it's acceptable options in CORSWithConfig using middleware in Echo Framework Golang custom configuration

huangapple
go评论120阅读模式
英文:

What parameters can we specify along with it's acceptable options in CORSWithConfig using middleware in Echo Framework Golang custom configuration

问题

以下是关于在使用Echo框架处理CORS时,使用CORSWithConfig自定义配置的参数及其可接受的值以及如何使用的信息。

在Echo框架中,可以使用CORSWithConfig函数来创建一个自定义的CORS中间件配置。该函数接受一个cors.Config类型的参数,该类型定义了CORS中间件的配置选项。

cors.Config类型的参数包括以下字段:

  • AllowOrigins:允许的源(Origin)列表。可以是具体的域名,也可以是通配符(例如*)。
  • AllowMethods:允许的HTTP方法列表。例如:[]string{"GET", "POST", "PUT"}
  • AllowHeaders:允许的HTTP头列表。例如:[]string{"Content-Type", "Authorization"}
  • ExposeHeaders:暴露给客户端的HTTP头列表。
  • AllowCredentials:是否允许发送身份凭证(如Cookie)。
  • MaxAge:预检请求的最大缓存时间(以秒为单位)。
  • OptionsPassthrough:是否将OPTIONS请求传递给下一个处理程序。

以下是一个示例代码,演示如何使用CORSWithConfig函数创建一个自定义的CORS中间件配置:

  1. import (
  2. 	"github.com/labstack/echo/v4"
  3. 	"github.com/labstack/echo/v4/middleware"
  4. )
  6. func main() {
  7. 	e := echo.New()
  9. 	// 创建一个自定义的CORS配置
  10. 	corsConfig := middleware.DefaultCORSConfig()
  11. 	corsConfig.AllowOrigins = []string{"http://example.com"}
  12. 	corsConfig.AllowMethods = []string{echo.GET, echo.POST}
  13. 	corsConfig.AllowHeaders = []string{echo.HeaderContentType, echo.HeaderAuthorization}
  15. 	// 使用CORS中间件,并传入自定义的配置
  16. 	e.Use(middleware.CORSWithConfig(corsConfig))
  18. 	// 添加路由和处理程序
  19. 	// ...
  21. 	// 启动Echo服务器
  22. 	e.Start(":8080")
  23. }

以上代码中,我们创建了一个自定义的CORS配置,并将其传递给CORSWithConfig函数。然后,我们使用e.Use方法将CORS中间件添加到Echo实例中。

请根据你的需求修改cors.Config中的字段值,以满足你的CORS需求。

英文:

What are the parameters and their acceptable values, and how to use CORSWithConfig custom configuration in middleware while using echo framework, in golang, to handle CORS.

答案1

得分: 2

实际上,还有许多其他参数。您可以在这里阅读有关它们的信息。

配置

  1. CORSConfig结构体 {
  2.     // Skipper定义一个跳过中间件的函数。
  3.     Skipper Skipper
  5.     // AllowOrigin定义可以访问资源的源列表。
  6.     // 可选。默认值[]string{"*"}。
  7.     AllowOrigins []string `yaml:"allow_origins"`
  9.     // AllowOriginFunc是一个自定义函数,用于验证源。它以源作为参数,如果允许则返回true,否则返回false。如果返回错误,则由处理程序返回。如果设置了此选项,则忽略AllowOrigins。
  10.     // 可选。
  11.     AllowOriginFunc func(origin string) (bool, error) `yaml:"allow_origin_func"`
  13.     // AllowMethods定义在访问资源时允许的方法列表。
  14.     // 这用于响应预检请求。
  15.     // 可选。默认值DefaultCORSConfig.AllowMethods。
  16.     AllowMethods []string `yaml:"allow_methods"`
  18.     // AllowHeaders定义在进行实际请求时可以使用的请求头列表。这是对预检请求的响应。
  19.     // 可选。默认值[]string{}。
  20.     AllowHeaders []string `yaml:"allow_headers"`
  22.     // AllowCredentials指示是否可以在凭据标志为true时公开对请求的响应。
  23.     // 当作为对预检请求的响应的一部分使用时,这指示是否可以使用凭据进行实际请求。
  24.     // 可选。默认值false。
  25.     AllowCredentials bool `yaml:"allow_credentials"`
  27.     // ExposeHeaders定义客户端允许访问的白名单头。
  28.     // 可选。默认值[]string{}。
  29.     ExposeHeaders []string `yaml:"expose_headers"`
  31.     // MaxAge指示预检请求的结果可以缓存多长时间(以秒为单位)。
  32.     // 可选。默认值0。
  33.     MaxAge int `yaml:"max_age"`
  34. }

示例用法

  1. e := echo.New()
  2. e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
  3.     AllowOrigins: []string{"https://labstack.com", "https://labstack.net"},
  4.     AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept},
  5. }))

默认值

  1. DefaultCORSConfig = CORSConfig{
  2.     Skipper:      DefaultSkipper,
  3.     AllowOrigins: []string{"*"},
  4.     AllowMethods: []string{http.MethodGet, http.MethodHead, http.MethodPut, http.MethodPatch, http.MethodPost, http.MethodDelete},
  5. }
英文:

Actually, there are many other parameters. You can read about them here.

<hr>

Configurations

  1. CORSConfig struct {
  2.   // Skipper defines a function to skip middleware.
  3.   Skipper Skipper
  5.   // AllowOrigin defines a list of origins that may access the resource.
  6.   // Optional. Default value []string{&quot;*&quot;}.
  7.   AllowOrigins []string `yaml:&quot;allow_origins&quot;`
  9.   // AllowOriginFunc is a custom function to validate the origin. It takes the
  10.   // origin as an argument and returns true if allowed or false otherwise. If
  11.   // an error is returned, it is returned by the handler. If this option is
  12.   // set, AllowOrigins is ignored.
  13.   // Optional.
  14.   AllowOriginFunc func(origin string) (bool, error) `yaml:&quot;allow_origin_func&quot;`
  16.   // AllowMethods defines a list methods allowed when accessing the resource.
  17.   // This is used in response to a preflight request.
  18.   // Optional. Default value DefaultCORSConfig.AllowMethods.
  19.   AllowMethods []string `yaml:&quot;allow_methods&quot;`
  21.   // AllowHeaders defines a list of request headers that can be used when
  22.   // making the actual request. This is in response to a preflight request.
  23.   // Optional. Default value []string{}.
  24.   AllowHeaders []string `yaml:&quot;allow_headers&quot;`
  26.   // AllowCredentials indicates whether or not the response to the request
  27.   // can be exposed when the credentials flag is true. When used as part of
  28.   // a response to a preflight request, this indicates whether or not the
  29.   // actual request can be made using credentials.
  30.   // Optional. Default value false.
  31.   AllowCredentials bool `yaml:&quot;allow_credentials&quot;`
  33.   // ExposeHeaders defines a whitelist headers that clients are allowed to
  34.   // access.
  35.   // Optional. Default value []string{}.
  36.   ExposeHeaders []string `yaml:&quot;expose_headers&quot;`
  38.   // MaxAge indicates how long (in seconds) the results of a preflight request
  39.   // can be cached.
  40.   // Optional. Default value 0.
  41.   MaxAge int `yaml:&quot;max_age&quot;`
  42. }

<hr>

Example Usage

  1. e := echo.New()
  2. e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
  3.   AllowOrigins: []string{&quot;https://labstack.com&quot;, &quot;https://labstack.net&quot;},
  4.   AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, 
  5. echo.HeaderAccept},
  6. }))

<hr>

Default

  1. DefaultCORSConfig = CORSConfig{
  2.   Skipper:      DefaultSkipper,
  3.   AllowOrigins: []string{&quot;*&quot;},
  4.   AllowMethods: []string{http.MethodGet, http.MethodHead, http.MethodPut, http.MethodPatch, http.MethodPost, http.MethodDelete},
  5. }

答案2

得分: -1

这是一个关于如何使用CORSWithConfig的示例,以及我们可以在AllowHeaders、ExposeHeaders和AllowMethods中使用的所有可能值。

  1. app := echo.New()
  3. app.Use(middleware.CORSWithConfig(middleware.CORSConfig{
  4.     AllowOrigins: []string{"http://127.0.0.1:5173", "wails://wails.localhost:34115", "http://127.0.0.1:5174"},
  5.     // AllowOrigins:     []string{"*"},
  6.     AllowHeaders:     []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept, echo.HeaderAccessControlAllowOrigin, echo.HeaderAccessControlAllowCredentials, echo.HeaderAccessControlAllowHeaders, echo.HeaderAccessControlAllowMethods, echo.HeaderAccessControlExposeHeaders, echo.HeaderAccessControlMaxAge, echo.HeaderAccessControlRequestHeaders, echo.HeaderAccessControlRequestMethod, echo.HeaderAuthorization, echo.HeaderContentLength, echo.HeaderContentSecurityPolicy, echo.HeaderContentType, echo.HeaderCookie, echo.HeaderLastModified, echo.HeaderLocation, echo.HeaderOrigin, echo.HeaderServer, echo.HeaderSetCookie, echo.HeaderStrictTransportSecurity, echo.HeaderUpgrade, echo.HeaderVary, echo.HeaderWWWAuthenticate, echo.HeaderXContentTypeOptions, echo.HeaderXCSRFToken, echo.HeaderXFrameOptions, echo.HeaderXRequestID, echo.HeaderXRequestedWith, echo.HeaderXForwardedFor, echo.HeaderXForwardedProto, echo.HeaderXRealIP, echo.HeaderXCSRFToken},
  7.     AllowCredentials: true,
  8.     // ExposeHeaders:    []string{"*"},
  9.     ExposeHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept, echo.HeaderAccessControlAllowOrigin, echo.HeaderAccessControlAllowCredentials, echo.HeaderAccessControlAllowHeaders, echo.HeaderAccessControlAllowMethods, echo.HeaderAccessControlExposeHeaders, echo.HeaderAccessControlMaxAge, echo.HeaderAccessControlRequestHeaders, echo.HeaderAccessControlRequestMethod, echo.HeaderAuthorization, echo.HeaderContentLength, echo.HeaderContentSecurityPolicy, echo.HeaderContentType, echo.HeaderCookie, echo.HeaderLastModified, echo.HeaderLocation, echo.HeaderOrigin, echo.HeaderServer, echo.HeaderSetCookie, echo.HeaderStrictTransportSecurity, echo.HeaderUpgrade, echo.HeaderVary, echo.HeaderWWWAuthenticate, echo.HeaderXContentTypeOptions, echo.HeaderXCSRFToken, echo.HeaderXFrameOptions, echo.HeaderXRequestID, echo.HeaderXRequestedWith, echo.HeaderXForwardedFor, echo.HeaderXForwardedProto, echo.HeaderXRealIP, echo.HeaderXCSRFToken, "X-User-Id", "X-User-Email", "X-User-Name", "X-User-Role", "X-User-Permissions", "X-User-Groups", "X-User-Scopes", "X-User-Sub", "X-Set-Cookie", "X-Set-Cookie-Expires", "X-Set-Cookie-Max-Age", "X-Set-Cookie-Path", "X-Set-Cookie-Domain", "X-Set-Cookie-Secure", "X-Set-Cookie-HttpOnly", "X-Set-Cookie-SameSite", "X-Set-Cookie-Raw"},
  10.     AllowMethods:  []string{echo.GET, echo.HEAD, echo.PUT, echo.PATCH, echo.POST, echo.DELETE},
  11. }))

希望对你有帮助!

英文:

Here's a sample on how we can use CORSWithConfig
and all the possible values we can use with AllowHeaders, ExposeHeaders, and AllowMethods.

  1. app := echo.New()
  2. app.Use(middleware.CORSWithConfig(middleware.CORSConfig{
  3. AllowOrigins: []string{&quot;http://127.0.0.1:5173&quot;, &quot;wails://wails.localhost:34115&quot;, &quot;http://127.0.0.1:5174&quot;},
  4. // AllowOrigins:     []string{&quot;*&quot;},
  5. AllowHeaders:     []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept, echo.HeaderAccessControlAllowOrigin, echo.HeaderAccessControlAllowCredentials, echo.HeaderAccessControlAllowHeaders, echo.HeaderAccessControlAllowMethods, echo.HeaderAccessControlExposeHeaders, echo.HeaderAccessControlMaxAge, echo.HeaderAccessControlRequestHeaders, echo.HeaderAccessControlRequestMethod, echo.HeaderAuthorization, echo.HeaderContentLength, echo.HeaderContentSecurityPolicy, echo.HeaderContentType, echo.HeaderCookie, echo.HeaderLastModified, echo.HeaderLocation, echo.HeaderOrigin, echo.HeaderServer, echo.HeaderSetCookie, echo.HeaderStrictTransportSecurity, echo.HeaderUpgrade, echo.HeaderVary, echo.HeaderWWWAuthenticate, echo.HeaderXContentTypeOptions, echo.HeaderXCSRFToken, echo.HeaderXFrameOptions, echo.HeaderXRequestID, echo.HeaderXRequestedWith, echo.HeaderXForwardedFor, echo.HeaderXForwardedProto, echo.HeaderXRealIP, echo.HeaderXCSRFToken},
  6. AllowCredentials: true,
  7. // ExposeHeaders:    []string{&quot;*&quot;},
  8. ExposeHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept, echo.HeaderAccessControlAllowOrigin, echo.HeaderAccessControlAllowCredentials, echo.HeaderAccessControlAllowHeaders, echo.HeaderAccessControlAllowMethods, echo.HeaderAccessControlExposeHeaders, echo.HeaderAccessControlMaxAge, echo.HeaderAccessControlRequestHeaders, echo.HeaderAccessControlRequestMethod, echo.HeaderAuthorization, echo.HeaderContentLength, echo.HeaderContentSecurityPolicy, echo.HeaderContentType, echo.HeaderCookie, echo.HeaderLastModified, echo.HeaderLocation, echo.HeaderOrigin, echo.HeaderServer, echo.HeaderSetCookie, echo.HeaderStrictTransportSecurity, echo.HeaderUpgrade, echo.HeaderVary, echo.HeaderWWWAuthenticate, echo.HeaderXContentTypeOptions, echo.HeaderXCSRFToken, echo.HeaderXFrameOptions, echo.HeaderXRequestID, echo.HeaderXRequestedWith, echo.HeaderXForwardedFor, echo.HeaderXForwardedProto, echo.HeaderXRealIP, echo.HeaderXCSRFToken, &quot;X-User-Id&quot;, &quot;X-User-Email&quot;, &quot;X-User-Name&quot;, &quot;X-User-Role&quot;, &quot;X-User-Permissions&quot;, &quot;X-User-Groups&quot;, &quot;X-User-Scopes&quot;, &quot;X-User-Sub&quot;, &quot;X-Set-Cookie&quot;, &quot;X-Set-Cookie-Expires&quot;, &quot;X-Set-Cookie-Max-Age&quot;, &quot;X-Set-Cookie-Path&quot;, &quot;X-Set-Cookie-Domain&quot;, &quot;X-Set-Cookie-Secure&quot;, &quot;X-Set-Cookie-HttpOnly&quot;, &quot;X-Set-Cookie-SameSite&quot;, &quot;X-Set-Cookie-Raw&quot;},
  9. AllowMethods:  []string{echo.GET, echo.HEAD, echo.PUT, echo.PATCH, echo.POST, echo.DELETE},
  10. }))

huangapple
  • 本文由 发表于 2023年6月27日 00:07:20
  • 转载请务必保留本文链接:https://go.coder-hub.com/76558428.html
  • cors
  • echo
  • go
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定