我用Golang+Revel框架制作了API应用程序
现在我尝试从前端应用程序发送http请求,该请求由vue.js.发出
但由于cors的原因,PUT方法无法处理。(POST方法现在运行良好(
在reve中,我认为我们可以在app/init.go文件中设置标题,就像这个一样
var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) {
c.Response.Out.Header().Add("X-Frame-Options", "SAMEORIGIN")
c.Response.Out.Header().Add("X-XSS-Protection", "1; mode=block")
c.Response.Out.Header().Add("X-Content-Type-Options", "nosniff")
c.Response.Out.Header().Add("Referrer-Policy", "strict-origin-when-cross-origin")
// Add them by myself
c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Origin, Content-Type, Accept")
c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
c.Response.Out.Header().Add("Access-Control-Allow-Method", "POST, GET, OPTIONS, PUT, DELETE")
c.Response.Out.Header().Add("Content-Type", "application/json; charset=UTF-8")
fc[0](c, fc[1:]) // Execute the next filter stage.
但我仍然从API得到404错误,请求方法显示为OPTIONS。
如何设置请求标头以启用来处理每个请求?
在狂欢之前添加一个过滤器。恐慌过滤器
revel.Filters = []revel.Filter{
ValidateOrigin,
revel.PanicFilter, // Recover from panics and display an error page instead.
revel.RouterFilter, // Use the routing table to select the right Action
revel.FilterConfiguringFilter, // A hook for adding or removing per-Action filters.
revel.ParamsFilter, // Parse parameters into Controller.Params.
IpLimitFilter,
revel.SessionFilter, // Restore and write the session cookie.
revel.FlashFilter, // Restore and write the flash cookie.
revel.ValidationFilter, // Restore kept validation errors and save new ones from cookie.
revel.I18nFilter, // Resolve the requested language
HeaderFilter,
revel.InterceptorFilter, // Run interceptors around the action.
revel.CompressFilter, // Compress the result.
revel.BeforeAfterFilter, // Call the before and after filter functions
revel.ActionInvoker, // Invoke the action.
}
var ValidateOrigin = func(c *revel.Controller, fc []revel.Filter) {
if c.Request.Method == "OPTIONS" {
c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization") //自定义 Header
c.Response.Out.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
c.Response.Out.Header().Add("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type")
c.Response.Out.Header().Add("Access-Control-Allow-Credentials", "true")
c.Response.SetStatus(http.StatusNoContent)
// 截取复杂请求下post变成options请求后台处理方法(针对跨域请求检测)
} else {
c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Origin, Content-Type, Accept")
c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
c.Response.Out.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
c.Response.Out.Header().Add("Content-Type", "application/json; charset=UTF-8")
c.Response.Out.Header().Add("X-Frame-Options", "SAMORIGIN")
c.Response.Out.Header().Add("Vary", "Origin, Access-Control-Request-Method, Access-Control-Request-Headers")
fc[0](c, fc[1:]) // Execute the next filter stage.
}
}
...
因为ajax将一个简单的请求(single-post(请求变成了二级请求,也就是说,首先发送一个选项请求来确定是否允许域,然后发送真正的请求post来获得结果。