mayiming/hldrCenter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修改跨域配置

Browse Source
This commit is contained in:
马懿铭
2025-11-04 11:52:15 +08:00
parent 0bc22e9d49
commit 0bec4c0129
1 changed files with 16 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
server/middleware/cors/cors.go
View File

@@ -10,16 +10,15 @@ import (
func CorsMiddleware(serverConfig *config.ServerConfig) gin.HandlerFunc { func CorsMiddleware(serverConfig *config.ServerConfig) gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
// 1. 打印配置的允许源(调试用 // 1. 获取请求的Origin头跨域请求时浏览器会自动带上
fmt.Printf("允许的前端源配置:%v\n", serverConfig.AllowedOrigins)
// 2. 获取请求的Origin头
origin := c.Request.Header.Get("Origin") origin := c.Request.Header.Get("Origin")
fmt.Printf("当前请求源:%s\n", origin) // 调试用 fmt.Printf("当前请求源:%s\n", origin) // 调试用
// 3. 简化跨域逻辑:如果配置了*,直接允许所有源 // 2. 确定允许的Origin核心修正
allowOrigin := "" allowOrigin := ""
hasWildcard := false hasWildcard := false
// 检查配置中是否有通配符*
for _, allowed := range serverConfig.AllowedOrigins { for _, allowed := range serverConfig.AllowedOrigins {
if allowed == "*" { if allowed == "*" {
hasWildcard = true hasWildcard = true
@@ -28,10 +27,13 @@ func CorsMiddleware(serverConfig *config.ServerConfig) gin.HandlerFunc {
} }
if hasWildcard { if hasWildcard {
// 配置了*直接设置为*(兼容所有源) // 配置了*且请求有Origin跨域请求则动态允许当前Origin
allowOrigin = "*" // (解决*与credentials冲突的问题
if origin != "" {
allowOrigin = origin
}
} else { } else {
// 没有*,精确匹配 // 没有*,精确匹配配置的允许源
for _, allowed := range serverConfig.AllowedOrigins { for _, allowed := range serverConfig.AllowedOrigins {
if allowed == origin { if allowed == origin {
allowOrigin = origin allowOrigin = origin
@@ -40,22 +42,22 @@ func CorsMiddleware(serverConfig *config.ServerConfig) gin.HandlerFunc {
} }
} }
// 设置跨域 // 3. 设置跨域响应头仅当确定了允许的Origin时才设置
if allowOrigin != "" { if allowOrigin != "" {
c.Writer.Header().Set("Access-Control-Allow-Origin", allowOrigin) c.Writer.Header().Set("Access-Control-Allow-Origin", allowOrigin)
} }
// 允许的方法包含上传需要的POST // 允许的方法包含上传需要的POST
c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH") c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH")
// 允许的头(包含上传可能用到的Content-Type // 允许的头(包含认证和内容类型
c.Writer.Header().Set("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization, X-Requested-With,session_id") c.Writer.Header().Set("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization, X-Requested-With, session_id")
// 允许携带凭证(如果前端需要 // 允许携带凭证(Cookie等必须与具体Origin配合
c.Writer.Header().Set("Access-Control-Allow-Credentials", "true") c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
// 预检请求缓存时间24小时 // 预检请求缓存时间24小时减少OPTIONS请求次数
c.Writer.Header().Set("Access-Control-Max-Age", "86400") c.Writer.Header().Set("Access-Control-Max-Age", "86400")
// 4. 处理OPTIONS预检请求上传文件前浏览器会先发这个请求 // 4. 处理OPTIONS预检请求上传文件前浏览器会先发这个请求
if c.Request.Method == "OPTIONS" { if c.Request.Method == "OPTIONS" {
fmt.Println("收到OPTIONS预检请求返回204") // 调试用 fmt.Println("收到OPTIONS预检请求返回204")
c.AbortWithStatus(http.StatusNoContent) c.AbortWithStatus(http.StatusNoContent)
return return
} }