This is the 20th day of my participation in the November Gwen Challenge. Check out the details: The last Gwen Challenge 2021
Intractable cross-domain problems
We often hear cross-domain problems when working on projects with separated front and back ends. It’s not unusual to see someone headline an article that says the front end supports cross-domain, but that’s obviously just a gimmick.
The concept of cross – domain, I am uneducated, not to say more. If you are interested, you can search the relevant introduction.
Why roll go
Since the official Mdnice warehouse has not been maintained for a long time, and there are so many personal articles, I decided to make a super low edition of Mdnice by myself, although I shamelessly called it MDNICe-Plus, in the absence of directory and search functions and official neglect of folder related issues.
In addition, I also feel that I have not reviewed GO for about 2 years and need to practice GO again, so I plan to use GIN + GORM to finish the back-end.
Today, we will talk about how to solve cross-domain problems in GIN, the Web framework of GO, and the pitfalls in the practice process.
I have probably copied a small part of the function of MDNICE, just need a map bed and directory. It would look something like this:
Solution (if it does not work, please refer to the trampling guide directly)
-
Folk version ⭐⭐⭐⭐
The private version refers to the unofficial version. In fact, to solve the cross-domain problem, it is only necessary to set the allow data in response header, so a private version is issued without official support.
Take a look at the rough version:
/ / article self-knowledge on: https://zhuanlan.zhihu.com/p/228881482
package middleware
import (
"github.com/gin-gonic/gin"
"net/http"
)
func Cors(a) gin.HandlerFunc {
return func(context *gin.Context) {
method := context.Request.Method
context.Header("Access-Control-Allow-Origin"."*")
context.Header("Access-Control-Allow-Headers"."Content-Type,AccessToken,X-CSRF-Token, Authorization, Token")
context.Header("Access-Control-Allow-Methods"."POST, GET, OPTIONS")
context.Header("Access-Control-Expose-Headers"."Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type")
context.Header("Access-Control-Allow-Credentials"."true")
if method == "OPTIONS" {
context.AbortWithStatus(http.StatusNoContent)
}
context.Next()
}
}
Copy the codeThe usage is simple, app.use (Cors()).
-
Official version ⭐⭐⭐⭐⭐
Gin-contrib /cors package provided in contrib/cors.Config allows you to configure cross-domain options.
import (
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
)
func main() {
app := gin.New()
app.Use(cors.Default())
}
Copy the codeThe reason why it is recommended over the folk version is that it has very little code and looks very close to something like app.use (log).
Guidelines on pit
Since I used iris as a Web framework, I don’t know much about GIN.
If app.Use(middleware) is placed after a route is registered, the interface is not a cross-domain interface, meaning that app.Use is cross-domain.
A lot of articles don’t say this. So sometimes I configure it and it doesn’t work.
For example, I write code like this:
This will result in an error because the CORS was added last.
But the upside is that if I put all the interfaces I need to log in after app.use (auth), it will be much easier for me to write the interfaces without any extra processing.
Because the go level of the blogger is general, humbly accept everyone’s suggestions/opinions ~ everyone also want to volume go encountered cross-domain problems, you can refer to this article =3=