Go中跨域Cors中間件的實(shí)現(xiàn)

更新時(shí)間：2023年06月07日 11:46:54 作者：王也枉不了

本文主要介紹了Go中跨域Cors中間件的實(shí)現(xiàn)，文中通過(guò)示例代碼介紹的非常詳細(xì)，對(duì)大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價(jià)值，需要的朋友們下面隨著小編來(lái)一起學(xué)習(xí)學(xué)習(xí)吧

// CorsConfig 使用了建造者模式
type CorsConfig struct {
	AllowOrigins []string
	AllowMethods []string
	AllowHeaders []string
	//如果想要讓客戶端可以訪問(wèn)到其他的標(biāo)頭，服務(wù)器必須將它們?cè)?Access-Control-Expose-Headers 里面列出來(lái).eg:"Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires
	ExposeHeaders []string
	//這個(gè)響應(yīng)頭表示 preflight request （預(yù)檢請(qǐng)求）的返回結(jié)果（即 Access-Control-Allow-Methods 和Access-Control-Allow-Headers 提供的信息）可以被緩存多久。
	AccessControlMaxAge string
	//告知瀏覽器是否可以將對(duì)請(qǐng)求的響應(yīng)暴露給前端 JavaScript 代碼。
	AccessControlAllowCredentials bool
}

Cors:

type Cors struct {
AllowOrigins []string
AllowMethods []string
AllowHeaders []string
//如果想要讓客戶端可以訪問(wèn)到其他的標(biāo)頭，服務(wù)器必須將它們?cè)?Access-Control-Expose-Headers 里面列出來(lái).eg:"Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires
ExposeHeaders []string
//這個(gè)響應(yīng)頭表示 preflight request （預(yù)檢請(qǐng)求）的返回結(jié)果（即 Access-Control-Allow-Methods 和Access-Control-Allow-Headers 提供的信息）可以被緩存多久。
AccessControlMaxAge string
//告知瀏覽器是否可以將對(duì)請(qǐng)求的響應(yīng)暴露給前端 JavaScript 代碼。
AccessControlAllowCredentials bool
}

當(dāng)然，我們的Config需要一些方法來(lái)控制字段的值

func (c *CorsConfig) AddOrigins(origins ...string) *CorsConfig {
   c.AllowOrigins = append(c.AllowOrigins, origins...)
   return c
}
func (c *CorsConfig) AddMethods(methods ...string) *CorsConfig {
   c.AllowMethods = append(c.AllowMethods, methods...)
   return c
}
func (c *CorsConfig) AddHeaders(headers ...string) *CorsConfig {
   c.AllowHeaders = append(c.AllowHeaders, headers...)
   return c
}
func (c *CorsConfig) AddExposeHeaders(exposeHeaders ...string) *CorsConfig {
   c.ExposeHeaders = append(c.ExposeHeaders, exposeHeaders...)
   return c
}
func (c *CorsConfig) SetAccessControlMaxAge(ms string) *CorsConfig {
   c.AccessControlMaxAge = ms
   return c
}
func (c *CorsConfig) SetAccessControlAllowCredentials(isAllow bool) *CorsConfig {
   c.AccessControlAllowCredentials = isAllow
   return c
}

同時(shí)，為了方便，我們可以給出一個(gè)方法來(lái)設(shè)置默認(rèn)的情況

func DefaultCorsConfig() *CorsConfig {
   return &CorsConfig{
   	AllowOrigins:                  []string{"*"},
   	AllowMethods:                  []string{"POST", "POST", "GET", "OPTIONS", "PUT", "DELETE", "UPDATE"},
   	AllowHeaders:                  []string{"Authorization", "Content-Length", "X-CSRF-Token", "Token", "session", "X_Requested_With", "Accept", "Origin", "Host", "Connection", "Accept-Encoding", "Accept-Language", "DNT", "X-CustomHeader", "Keep-Alive", "User-Agent", "X-Requested-With", "If-Modified-Since", "Cache-Control", "Content-Type", "Pragma"},
   	ExposeHeaders:                 []string{"Content-Length", "Access-Control-Allow-Origin", "Access-Control-Allow-Headers", "Cache-Control", "Content-Languge", "Caontent-Type", "Expires", "Last-Modified", "Pragma", "FooBar"},
   	AccessControlMaxAge:           "200000",
   	AccessControlAllowCredentials: true,
   }
}

最后，實(shí)現(xiàn)將config應(yīng)用到Cors中的方法和應(yīng)用Cors的設(shè)置的方法
將config應(yīng)用到Cors中的方法：

func (cors *Cors) SetCorsConfig(c *CorsConfig) {
   cors.AccessControlMaxAge = c.AccessControlMaxAge
   cors.ExposeHeaders = c.ExposeHeaders
   cors.AllowOrigins = c.AllowOrigins
   cors.AllowHeaders = c.AllowHeaders
   cors.AllowMethods = c.AllowMethods
   cors.AccessControlAllowCredentials = c.AccessControlAllowCredentials
}

應(yīng)用Cors的設(shè)置的方法：

func (cors *Cors) Apply() sgin8.HandlerFunc {
   return func(context *sgin8.Context) {
   	method := context.Req.Method
   	origin := context.Req.Header.Get("Origin")
   	if origin != "" {
   		context.SetHeader("Access-Control-Allow-Origin", strings.Join(cors.AllowOrigins, ",")) // 設(shè)置允許訪問(wèn)所有域
   		context.SetHeader("Access-Control-Allow-Methods", strings.Join(cors.AllowMethods, ","))
   		context.SetHeader("Access-Control-Allow-Headers", strings.Join(cors.AllowHeaders, ","))
   		context.SetHeader("Access-Control-Expose-Headers", strings.Join(cors.ExposeHeaders, ","))
   		context.SetHeader("Access-Control-Max-Age", cors.AccessControlMaxAge)
   		context.SetHeader("Access-Control-Allow-Credentials", strconv.FormatBool(cors.AccessControlAllowCredentials))
   	} else {
   		log.Printf("This request haven not set the 'Origin' in Header")
   	}
   	if method == "OPTIONS" {
   		context.JSON(http.StatusOK, "Options Request!")
   	}
   	//處理請(qǐng)求
   	context.Next()
   }
}

當(dāng)然，我們提供快速開(kāi)始的方案：

func (c *CorsConfig) Build() sgin8.HandlerFunc {
	cors := &Cors{}
	cors.SetCorsConfig(c)
	return cors.Apply()
}

demo:

func main() {
	//eg1:
	r := sgin8.Default()
	config1 := sgin8.DefaultCorsConfig()
	cors1 := sgin8.Cors{}
	cors1.SetCorsConfig(config1)
	r.Use(cors1.Apply())
	//eg2
	r.Use(sgin8.DefaultCorsConfig().Build())
	//eg3
	config3 := sgin8.CorsConfig{}
	config3.SetAccessControlMaxAge("200000").SetAccessControlAllowCredentials(true).AddMethods("GET", "POST")
	r.Use(config3.Build())
	//eg4
	config4 := &sgin8.CorsConfig{}
	config4.SetAccessControlMaxAge("200000").SetAccessControlAllowCredentials(true).AddMethods("GET", "POST")
	cors4 := sgin8.Cors{}
	cors4.SetCorsConfig(config4)
	cors4.Apply()
	r.GET("/", func(c *sgin8.Context) {
		c.String(http.StatusOK, "Hello wxk\n")
	})
	// index out of range for testing Recovery()
	r.GET("/panic", func(c *sgin8.Context) {
		names := []string{"wxk"}
		c.String(http.StatusOK, names[100]) //訪問(wèn)不到
	})
	r.Run(":9999")
}

你也許會(huì)問(wèn)為什么實(shí)現(xiàn)的這么繁瑣，那么下文將會(huì)解釋下原因！

外鏈：http://www.dbjr.com.cn/article/237709.htm

跨域測(cè)試：

失敗情況：

失敗情況