diff --git a/lib/core/utils/ctx/ctx.go b/lib/core/utils/ctx/ctx.go
index 128e5005..21570310 100644
--- a/lib/core/utils/ctx/ctx.go
+++ b/lib/core/utils/ctx/ctx.go
@@ -47,16 +47,6 @@ func ShouldBindJSON(r *http.Request, args any) error {
 // JSON 相应json数据
 func JSON(w http.ResponseWriter, code int, data any) {
- // 跨域响应头
- // To solve cross domain issue
- w.Header().Set("Access-Control-Allow-Origin", "*")
- // w.Header().Set("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE, OPTIONS")
- w.Header().Set("Access-Control-Allow-Methods", "*")
- w.Header().Set("Access-Control-Allow-Headers", "*")
- // w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
- // w.Header().Set("Access-Control-Allow-Headers", "AccessToken")
- w.Header().Set("Access-Control-Expose-Headers", "Access-Control-Allow-Headers, Token")
- w.Header().Set("Access-Control-Allow-Credentials", "true")
 w.Header().Set("Content-Type", "application/json;charset=UTF-8")
 response, err := json.Marshal(data)
diff --git a/lib/midware/cors.go b/lib/midware/cors.go
new file mode 100644
index 00000000..9eb024a3
--- /dev/null
+++ b/lib/midware/cors.go
@@ -0,0 +1,64 @@
+package midware
+
+import (
+ "net/http"
+ "strings"
+)
+
+// Cors 跨域
+func Cors(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ // 设置Vary头部
+ w.Header().Set("Vary", "Origin")
+ w.Header().Set("Keep-Alive", "timeout=5")
+
+ requestOrigin := r.Header.Get("Origin")
+ if requestOrigin == "" {
+ next.ServeHTTP(w, r)
+ return
+ }
+
+ w.Header().Set("Access-Control-Allow-Origin", "*")
+
+ w.Header().Set("Access-Control-Allow-Credentials", "true")
+
+ // OPTIONS
+ if r.Method == "OPTIONS" {
+ requestMethod := r.Header.Get("Access-Control-Request-Method")
+ if requestMethod == "" {
+ next.ServeHTTP(w, r)
+ return
+ }
+
+ // 响应最大时间值
+ w.Header().Set("Access-Control-Max-Age", "31536000")
+
+ // 允许方法
+ allowMethods := []string{
+ "OPTIONS",
+ "HEAD",
+ "GET",
+ "POST",
+ "PUT",
+ "DELETE",
+ "PATCH",
+ }
+ w.Header().Set("Access-Control-Allow-Methods", strings.Join(allowMethods, ","))
+
+ // 允许请求头
+ allowHeaders := []string{
+ "Accesstoken",
+ }
+ w.Header().Set("Access-Control-Allow-Headers", strings.Join(allowHeaders, ","))
+
+ w.WriteHeader(500)
+ return
+ }
+
+ // 暴露请求头
+ exposeHeaders := []string{"X-RepeatSubmit-Rest", "AccessToken"}
+ w.Header().Set("Access-Control-Expose-Headers", strings.Join(exposeHeaders, ","))
+
+ next.ServeHTTP(w, r)
+ })
+}
diff --git a/lib/midware/midhandle.go b/lib/midware/midhandle.go
index eb7be9af..14cb958a 100644
--- a/lib/midware/midhandle.go
+++ b/lib/midware/midhandle.go
@@ -37,6 +37,7 @@ func LoggerTrace(next http.Handler) http.Handler {
 })
 }
+// 已禁用
 func OptionProcess(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 if r.Method == "OPTIONS" {
@@ -48,6 +49,7 @@ func OptionProcess(next http.Handler) http.Handler {
 })
 }
+// 已禁用
 func CheckPermission(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 token := r.Header.Get("AccessToken")
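Review bot: In lib/midware/cors.go the preflight branch ends with `w.WriteHeader(500)`, and browsers treat a non-2xx preflight response as a CORS failure, so every cross-origin request that needs a preflight will be blocked; `http.StatusNoContent` is the usual status. The middleware also sends `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, a pair browsers refuse for credentialed requests. Echoing the Origin header back unconditionally would let any site read authenticated responses, so the origin should be checked against a configured allowlist before it is returned, which is also what makes `Vary: Origin` meaningful. `Access-Control-Allow-Headers` now lists only `Accesstoken`, so a request carrying `Content-Type: application/json` will probably fail its preflight now that the old `*` is gone. The sketch assumes an `allowedOrigins` set loaded from configuration, which is not part of this commit.

```go
func Cors(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Add rather than Set, so a Vary value written elsewhere is kept.
		w.Header().Add("Vary", "Origin")
		// … unchanged: Keep-Alive header …

		requestOrigin := r.Header.Get("Origin")
		if _, ok := allowedOrigins[requestOrigin]; !ok {
			// No Origin header, or an origin outside the allowlist: emit no CORS headers.
			next.ServeHTTP(w, r)
			return
		}
		// Return the exact allowlisted origin; a wildcard is invalid alongside credentials.
		w.Header().Set("Access-Control-Allow-Origin", requestOrigin)
		w.Header().Set("Access-Control-Allow-Credentials", "true")

		if r.Method == http.MethodOptions {
			// … unchanged: Access-Control-Request-Method check, Max-Age, Allow-Methods …
			allowHeaders := []string{"AccessToken", "Content-Type"}
			w.Header().Set("Access-Control-Allow-Headers", strings.Join(allowHeaders, ","))
			// A preflight must be answered with a 2xx status.
			w.WriteHeader(http.StatusNoContent)
			return
		}
		// … unchanged: Expose-Headers, next.ServeHTTP …
	})
}
```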
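Review bot: The `// 已禁用` ("disabled") comment added above OptionProcess and CheckPermission in lib/midware/midhandle.go does not say what replaced them or why they are kept. For CheckPermission this matters because the function reads the `AccessToken` header, so a reader cannot tell from this file whether that token check still runs on any route. If both are dead code, a Go doc comment that starts with the function name, followed by a `// Deprecated:` paragraph naming the replacement, would record that; otherwise deleting them avoids someone re-registering a stale check. Both function bodies continue outside the hunks.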
diff --git a/lib/routes/routes.go b/lib/routes/routes.go
index decf76b5..555aa8c2 100644
--- a/lib/routes/routes.go
+++ b/lib/routes/routes.go
@@ -348,7 +348,8 @@ func NewRouter() *mux.Router {
 r.MethodNotAllowedHandler = services.CustomResponseMethodNotAllowed405Handler()
 r.Use(midware.LoggerTrace)
- r.Use(midware.OptionProcess)
+ r.Use(midware.Cors)
+ // r.Use(midware.OptionProcess)
 // r.Use(midware.ArrowIPAddr)
 for _, router := range routers {
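Review bot: `r.Use(midware.Cors)` attaches the middleware to what appears to be a gorilla/mux router, and mux runs `Use` middleware only after a route has matched. An OPTIONS preflight to a route registered for other methods only would therefore be answered by `r.MethodNotAllowedHandler` with no CORS headers. The route table is outside this hunk, so this is unconfirmed; if routes do restrict methods, either add OPTIONS to them or wrap the whole router where the server is started, `midware.Cors(r)`, so the middleware runs before matching. The commented-out `// r.Use(midware.OptionProcess)` could simply be deleted, since version control keeps the history. NewRouter's body continues outside the hunk.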