From f274cadc3cd076f62b2db74701eb2cf09979e01c Mon Sep 17 00:00:00 2001
From: mayiming <1627832236@qq.com>
Date: Sat, 1 Nov 2025 19:36:39 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9cors=E8=AE=BE=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/middleware/cors.go | 39 ++++++++++++++++++++++++++++-----------
 1 file changed, 28 insertions(+), 11 deletions(-)
diff --git a/server/middleware/cors.go b/server/middleware/cors.go
index c0c76482..3a0cbb84 100644
--- a/server/middleware/cors.go
+++ b/server/middleware/cors.go
@@ -10,36 +10,53 @@ import (
 func CorsMiddleware(serverConfig *config.ServerConfig) gin.HandlerFunc {
 return func(c *gin.Context) {
- // 1. 打印配置的允许源(调试用,确认配置是否正确加载)
- fmt.Printf("允许的前端源:%v\n", serverConfig.AllowedOrigins)
+ // 1. 打印配置的允许源(调试用)
+ fmt.Printf("允许的前端源配置:%v\n", serverConfig.AllowedOrigins)
 // 2. 获取请求的Origin头
 origin := c.Request.Header.Get("Origin")
 fmt.Printf("当前请求源:%s\n", origin) // 调试用
- // 3. 宽松的跨域匹配逻辑
+ // 3. 简化跨域逻辑:如果配置了*,直接允许所有源
 allowOrigin := ""
- if len(serverConfig.AllowedOrigins) > 0 {
+ hasWildcard := false
+ for _, allowed := range serverConfig.AllowedOrigins {
+ if allowed == "*" {
+ hasWildcard = true
+ break
+ }
+ }
+
+ if hasWildcard {
+ // 配置了*,直接设置为*(兼容所有源)
+ allowOrigin = "*"
+ } else {
+ // 没有*,精确匹配
 for _, allowed := range serverConfig.AllowedOrigins {
- // 支持通配符*,或精确匹配
- if allowed == "*" || allowed == origin {
+ if allowed == origin {
 allowOrigin = origin
 break
 }
 }
 }
+ // 设置跨域头
 if allowOrigin != "" {
 c.Writer.Header().Set("Access-Control-Allow-Origin", allowOrigin)
 }
- c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS,PATCH")
- c.Writer.Header().Set("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization")
+ // 允许的方法(包含上传需要的POST)
+ c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH")
+ // 允许的头(包含上传可能用到的Content-Type)
+ c.Writer.Header().Set("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization, X-Requested-With")
+ // 允许携带凭证(如果前端需要)
 c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
- c.Writer.Header().Set("Access-Control-Max-Age", "86400") // 24小时缓存预检请求
+ // 预检请求缓存时间(24小时)
+ c.Writer.Header().Set("Access-Control-Max-Age", "86400")
- // 6. 处理OPTIONS预检请求
+ // 4. 处理OPTIONS预检请求(上传文件前浏览器会先发这个请求)
 if c.Request.Method == "OPTIONS" {
- c.AbortWithStatus(http.StatusNoContent) // 使用204更规范
+ fmt.Println("收到OPTIONS预检请求,返回204") // 调试用
+ c.AbortWithStatus(http.StatusNoContent)
 return
 }
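Review bot: `Access-Control-Allow-Credentials: true` is still set unconditionally, so the new wildcard branch sends it together with `Access-Control-Allow-Origin: *`, a combination browsers reject for credentialed requests, and it is also sent when no origin matched. Set it only for an exact match, e.g. `if allowOrigin != "" && allowOrigin != "*" { c.Writer.Header().Set("Access-Control-Allow-Credentials", "true") }`. In that exact-match case the response depends on the request's origin, so add `c.Writer.Header().Add("Vary", "Origin")` to keep a shared cache from replaying one origin's header to another. The `fmt.Printf` debug lines run on every request and print the client-supplied Origin with `%s`; if they are kept, `%q` keeps raw control characters out of the log. The handler body continues past the end of the hunk.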