跨源资源共享(CORS) - HTTP | MDN (mozilla.org)
个人感觉跨域看这个就行了
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
| package cor
import (
"github.com/gin-gonic/gin"
"net/http"
)
func Cors() gin.HandlerFunc {
return func(c *gin.Context) {
method := c.Request.Method
origin := c.Request.Header.Get("Origin")
c.Header("Access-Control-Allow-Origin", origin)
c.Header("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization, Token,X-Token,X-User-Id")
c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS,DELETE,PUT")
c.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type, New-Token, New-Expires-At")
c.Header("Access-Control-Allow-Credentials", "true")
if method == "OPTIONS" {
c.AbortWithStatus(http.StatusNoContent)
}
c.Next()
}
}
func CorsByRules() gin.HandlerFunc {
if s.Mode == "allow-all" {
return Cors()
}
return func(c *gin.Context) {
whiteList := checkCors(c.GetHeader("origin"))
if whiteList != nil {
c.Header("Access-Control-Allow-Origin", whiteList.AllowOrigin)
c.Header("Access-Control-Allow-Headers", whiteList.AllowHeaders)
c.Header("Access-Control-Allow-Methods", whiteList.AllowMethods)
c.Header("Access-Control-Expose-Headers", whiteList.ExposeHeaders)
if whiteList.AllowCredentials {
c.Header("Access-Control-Allow-Credentials", "true")
}
}
if s.Whitelist == nil && s.Mode == "strict-white" && !(c.Request.Method == "GET" && c.Request.URL.Path == "/health") {
c.AbortWithStatus(http.StatusForbidden)
} else {
if c.Request.Method == http.MethodOptions {
c.AbortWithStatus(http.StatusNoContent)
}
}
c.Next()
}
}
func checkCors(currentOrigin string) *SWhitelist {
for _, v := range s.Whitelist {
if v.AllowOrigin == currentOrigin {
return &v
}
}
return nil
}
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| var s = new(S)
type S struct {
Mode string
Whitelist []SWhitelist
}
type SWhitelist struct {
AllowOrigin string
AllowMethods string
AllowHeaders string
ExposeHeaders string
AllowCredentials bool
}
|
