Gin Series: Saas System, Gin+Jwt+ Casbin RestFul Api Backend Battle to the end 4: Cors Cross-domain Permit

Cross-domain Introduction to CORS

When a browser discovers that an AJAX request is cross-sourced, it automatically adds some additional headers, and sometimes an additional request, but the user doesn’t notice

So what is a codomain?

Very simple, the protocol, domain name, port are all the same in the same domain, three conditions are inconsistent, not the same domain, both cross domain; Examples are aaa.yourcompany.com:8892 and bbb.yourcompany.com:9902

As long as the protocol, domain name, port, any one is different. They’re all cross-domain.

What’s wrong with cross-domain?

Intercepts disallowed traffic across browsers

How to solve cross-domain

Gin framework middleware

    router := gin.New()
	router.Use(cors.New(cors.Config{
		AllowMethods: []string{"OPTIONS"."POST"."GET"},
		AllowHeaders: []string{"Origin"."X-Requested-With"."Content-Type"."Accept"."YOUR-CUSTOM-TOKEN"},
		AllowCredentials: true,
		AllowOriginFunc: func(origin string) bool {
			return true
		},
	}))cors
Copy the code

Server solved, how to call the client?

The client calls the Http header with “Content-Type”, “Accept”, “your-custom-token” and you can communicate across domains. Okay?

When do you use cross-domain?

Typically api.xxx.com is then cross-domain configured middleware. Add the HTTP header to the client. Perfect.

Vue and REAC can be configured with target: Proxy to implement cross-domain configuration of API domain names.

What else?

Umi. Js, next. Js and other frameworks. How to configure it? A little question for you to explore.