修改cors设置
@@ -10,36 +10,53 @@ import (
|
|||||||
|
|
||||||
func CorsMiddleware(serverConfig *config.ServerConfig) gin.HandlerFunc {
|
func CorsMiddleware(serverConfig *config.ServerConfig) gin.HandlerFunc {
|
||||||
return func(c *gin.Context) {
|
return func(c *gin.Context) {
|
||||||
// 1. 打印配置的允许源(调试用,确认配置是否正确加载)
|
// 1. 打印配置的允许源(调试用)
|
||||||
fmt.Printf("允许的前端源:%v\n", serverConfig.AllowedOrigins)
|
fmt.Printf("允许的前端源配置:%v\n", serverConfig.AllowedOrigins)
|
||||||
|
|
||||||
// 2. 获取请求的Origin头
|
// 2. 获取请求的Origin头
|
||||||
origin := c.Request.Header.Get("Origin")
|
origin := c.Request.Header.Get("Origin")
|
||||||
fmt.Printf("当前请求源:%s\n", origin) // 调试用
|
fmt.Printf("当前请求源:%s\n", origin) // 调试用
|
||||||
|
|
||||||
// 3. 宽松的跨域匹配逻辑
|
// 3. 简化跨域逻辑:如果配置了*,直接允许所有源
|
||||||
allowOrigin := ""
|
allowOrigin := ""
|
||||||
if len(serverConfig.AllowedOrigins) > 0 {
|
hasWildcard := false
|
||||||
|
for _, allowed := range serverConfig.AllowedOrigins {
|
||||||
|
if allowed == "*" {
|
||||||
|
hasWildcard = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if hasWildcard {
|
||||||
|
// 配置了*,直接设置为*(兼容所有源)
|
||||||
|
allowOrigin = "*"
|
||||||
|
} else {
|
||||||
|
// 没有*,精确匹配
|
||||||
for _, allowed := range serverConfig.AllowedOrigins {
|
for _, allowed := range serverConfig.AllowedOrigins {
|
||||||
// 支持通配符*,或精确匹配
|
if allowed == origin {
|
||||||
if allowed == "*" || allowed == origin {
|
|
||||||
allowOrigin = origin
|
allowOrigin = origin
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 设置跨域头
|
||||||
if allowOrigin != "" {
|
if allowOrigin != "" {
|
||||||
c.Writer.Header().Set("Access-Control-Allow-Origin", allowOrigin)
|
c.Writer.Header().Set("Access-Control-Allow-Origin", allowOrigin)
|
||||||
}
|
}
|
||||||
c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS,PATCH")
|
// 允许的方法(包含上传需要的POST)
|
||||||
c.Writer.Header().Set("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization")
|
c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH")
|
||||||
|
// 允许的头(包含上传可能用到的Content-Type)
|
||||||
|
c.Writer.Header().Set("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization, X-Requested-With")
|
||||||
|
// 允许携带凭证(如果前端需要)
|
||||||
c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
|
c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
|
||||||
c.Writer.Header().Set("Access-Control-Max-Age", "86400") // 24小时缓存预检请求
|
// 预检请求缓存时间(24小时)
|
||||||
|
c.Writer.Header().Set("Access-Control-Max-Age", "86400")
|
||||||
|
|
||||||
// 6. 处理OPTIONS预检请求
|
// 4. 处理OPTIONS预检请求(上传文件前浏览器会先发这个请求)
|
||||||
if c.Request.Method == "OPTIONS" {
|
if c.Request.Method == "OPTIONS" {
|
||||||
c.AbortWithStatus(http.StatusNoContent) // 使用204更规范
|
fmt.Println("收到OPTIONS预检请求,返回204") // 调试用
|
||||||
|
c.AbortWithStatus(http.StatusNoContent)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
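Review bot: `Access-Control-Allow-Credentials: true` is still sent unconditionally, so when `AllowedOrigins` contains `*` the new wildcard branch answers with `Access-Control-Allow-Origin: *` together with credentials, a combination browsers refuse for credentialed requests. A front end that sends cookies or `Authorization` will therefore fail under the wildcard configuration, and going back to reflecting the request origin (as the old `allowed == "*"` branch did) would grant credentialed access to any site. Guard the existing `c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")` with `if allowOrigin != "" && !hasWildcard {` and add `c.Writer.Header().Add("Vary", "Origin")` inside the same guard, so that a response carrying a reflected origin is not reused by a cache for a different origin. The debug `fmt.Printf("当前请求源:%s\n", origin)` prints a client-supplied header on every request; `%q`, or removing the debug prints before release, keeps control characters out of the log. The closure body continues past the end of this hunk, so whatever follows the OPTIONS branch is not covered here.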