68 lines
2.0 KiB
Go
68 lines
2.0 KiB
Go
package cors
|
||
|
||
import (
|
||
"fmt"
|
||
"net/http"
|
||
|
||
"github.com/JACKYMYPERSON/hldrCenter/config"
|
||
"github.com/gin-gonic/gin"
|
||
)
|
||
|
||
func CorsMiddleware(serverConfig *config.ServerConfig) gin.HandlerFunc {
|
||
return func(c *gin.Context) {
|
||
// 1. 获取请求的Origin头(跨域请求时浏览器会自动带上)
|
||
origin := c.Request.Header.Get("Origin")
|
||
fmt.Printf("当前请求源:%s\n", origin) // 调试用
|
||
|
||
// 2. 确定允许的Origin(核心修正)
|
||
allowOrigin := ""
|
||
hasWildcard := false
|
||
|
||
// 检查配置中是否有通配符*
|
||
for _, allowed := range serverConfig.AllowedOrigins {
|
||
if allowed == "*" {
|
||
hasWildcard = true
|
||
break
|
||
}
|
||
}
|
||
|
||
if hasWildcard {
|
||
// 若配置了*,且请求有Origin(跨域请求),则动态允许当前Origin
|
||
// (解决*与credentials冲突的问题)
|
||
if origin != "" {
|
||
allowOrigin = origin
|
||
}
|
||
} else {
|
||
// 没有*,精确匹配配置的允许源
|
||
for _, allowed := range serverConfig.AllowedOrigins {
|
||
if allowed == origin {
|
||
allowOrigin = origin
|
||
break
|
||
}
|
||
}
|
||
}
|
||
|
||
// 3. 设置跨域响应头(仅当确定了允许的Origin时才设置)
|
||
if allowOrigin != "" {
|
||
c.Writer.Header().Set("Access-Control-Allow-Origin", allowOrigin)
|
||
}
|
||
// 允许的方法(包含上传需要的POST)
|
||
c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH")
|
||
// 允许的头(包含认证和内容类型)
|
||
c.Writer.Header().Set("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization, X-Requested-With, session_id")
|
||
// 允许携带凭证(Cookie等,必须与具体Origin配合)
|
||
c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
|
||
// 预检请求缓存时间(24小时,减少OPTIONS请求次数)
|
||
c.Writer.Header().Set("Access-Control-Max-Age", "86400")
|
||
|
||
// 4. 处理OPTIONS预检请求(上传文件前浏览器会先发这个请求)
|
||
if c.Request.Method == "OPTIONS" {
|
||
fmt.Println("收到OPTIONS预检请求,返回204")
|
||
c.AbortWithStatus(http.StatusNoContent)
|
||
return
|
||
}
|
||
|
||
c.Next()
|
||
}
|
||
}
|