从 go-swagger UI 访问 API 时 Golang 中的 CORS 问题
Posted
技术标签:
【中文标题】从 go-swagger UI 访问 API 时 Golang 中的 CORS 问题【英文标题】:CORS Issue in Golang while accessing API from go-swagger UI 【发布时间】:2021-01-28 11:03:12 【问题描述】:我已经为我的 API 文档实现了 go-swagger,该文档在我的本地主机上的不同端口上运行,我的应用程序在端口 8888 上运行。我已经实现了 cors https://github.com/rs/cors
我实现 cors 的代码是
var Router = func() *mux.Router
router := mux.NewRouter()
var c = cors.New(cors.Options
AllowedOrigins: []string"*",
AllowCredentials: true,
AllowedMethods :[]string"POST", "PUT","GET","DELETE","OPTIONS",
AllowedHeaders: []string"Accept", "Authorization", "Content-Type", "X-CSRF-Token",
MaxAge: 300,
// Enable Debugging for testing, consider disabling in production
Debug: true,
)
RegisterHandler := http.HandlerFunc(controllers.Register)
router.Handle("/api/register",c.Handler(middleware.RequestValidator(RegisterHandler,reflect.TypeOf(dto.UserRequest)))).Methods("POST")
fmt.Println("var1 = ", reflect.TypeOf(router))
return router
当从 Postman 发出请求时,似乎代码运行良好
邮递员响应标头
access-control-allow-credentials →true
access-control-allow-origin →*
content-length →123
content-type →application/json
date →Wed, 14 Oct 2020 04:02:37 GMT
vary →Origin
由于我在实现 cors 中间件时启用了调试,因此打印在控制台上的日志如下
控制台日志
[cors] 2020/10/14 09:32:37 Handler: Actual request
[cors] 2020/10/14 09:32:37 Actual response added headers: map[Access-Control-Allow-Credentials:[true] Access-Control-Allow-Origin:[*] Vary:[Origin]]
问题
当我在浏览器中从 Swagger-UI 访问相同的 API 时,我遇到了未设置“Access-Control-Allow-Origin”标头的问题
Access to fetch at 'http://localhost:8888/api/register' from origin 'http://localhost:45601' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
并且控制台上没有打印日志。
从 Swagger UI 访问 API 时,似乎无法访问 cors 中间件代码。
这是 swagger 响应的 bowser 网络调用详细信息
HTTP 方法 = 选项
一般
Request URL: http://localhost:8888/api/register
Request Method: OPTIONS
Status Code: 405 Method Not Allowed
Remote Address: [::1]:8888
Referrer Policy: strict-origin-when-cross-origin
响应头
Content-Length: 0
Date: Wed, 14 Oct 2020 04:25:23 GMT
请求标头
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en-IN;q=0.9,en;q=0.8
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Cache-Control: no-cache
Connection: keep-alive
Host: localhost:8888
Origin: http://localhost:45601
Pragma: no-cache
Referer: http://localhost:45601/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (Khtml, like Gecko) Chrome/85.0.4183.121 Safari/537.36
获取
一般
Request URL: http://localhost:8888/api/register
Referrer Policy: strict-origin-when-cross-origin
请求标头
Provisional headers are shown
accept: application/json
Content-Type: application/json
Referer: http://localhost:45601/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
谢谢!
【问题讨论】:
完整代码可以在Github上获取github.com/abhimanyu1990/go-connect 您使用隐身窗口吗?所以浏览器没有缓存您网站的旧版本? 不,我没有使用隐身模式。因为我已经多次重新启动 swagger 并且每次都在新端口上启动 您最终解决了上述问题吗?如果是这样,你能分享一下如何做的见解吗? 【参考方案1】:你需要在路由器上允许OPTIONS
方法。
https://github.com/abhimanyu1990/go-connect/blob/main/app/conf/router.configuration.go#L30
router.Handle("/api/register", c.Handler(middleware.RequestValidator(RegisterHandler, reflect.TypeOf(dto.UserRequest)))).Methods("POST", "OPTIONS")
【讨论】:
我已经尝试过了,但没有任何区别。 我认为它解决了 405 方法不允许的问题。我在我这边测试过,它有效 是的,克隆了你的仓库并在本地测试得很好【参考方案2】:当我尝试启用 CORS 并在 Go 中写入标头时,这很烦人。 最后,我创建了一个 struct wrapping ResponseWriter 来检测 header 是否已经写入并且它工作正常。
package router
import (
"log"
"net/http"
)
const (
noWritten = -1
defaultStatus = http.StatusOK
)
type ResponseWriter struct
writer http.ResponseWriter
size int
status int
func (w *ResponseWriter) Writer() http.ResponseWriter
return w.writer
func (w *ResponseWriter) WriteHeader(code int)
if code > 0 && w.status != code
if w.Written()
log.Printf("[WARNING] Headers were already written. Wanted to override status code %d with %d", w.status, code)
w.status = code
func (w *ResponseWriter) WriteHeaderNow()
if !w.Written()
w.size = 0
w.writer.WriteHeader(w.status)
func (w *ResponseWriter) Write(data []byte) (n int, err error)
w.WriteHeaderNow()
n, err = w.writer.Write(data)
w.size += n
return
func (w *ResponseWriter) Status() int
return w.status
func (w *ResponseWriter) Size() int
return w.size
func (w *ResponseWriter) Written() bool
return w.size != noWritten
在回应中:
func respondJSON(w *router.ResponseWriter, status int, payload interface)
res, err := json.Marshal(payload)
if err != nil
respondError(w, internalErrorStatus.number, internalErrorStatus.description)
return
go w.WriteHeader(status)
header := w.Writer().Header()
header.Add("Access-Control-Allow-Origin", "*")
header.Add("Content-Type", "application/json")
header.Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE")
header.Add("Access-Control-Allow-Headers", "*")
w.Write([]byte(res))
【讨论】:
以上是关于从 go-swagger UI 访问 API 时 Golang 中的 CORS 问题的主要内容,如果未能解决你的问题,请参考以下文章
使用go-swagger为golang API自动生成swagger文档
CORS 策略已阻止对 XMLHttpRequest 的访问:Spring API 和 Angular UI