cors
cors copied to clipboard
gin-contrib
OPTIONS Verb 404
Here is my main app code:
package main
import (
"bitbucket.org/frobl-inc/padsd/configuration"
"time"
"gopkg.in/gin-contrib/cors.v1"
"gopkg.in/gin-gonic/gin.v1"
)
var config = configuration.Current
//Log is the main logger
var Log = configuration.Log
func main() {
router := gin.Default()
// CORS for https://foo.com and https://github.com origins, allowing:
// - PUT and PATCH methods
// - Origin header
// - Credentials share
// - Preflight requests cached for 12 hours
router.Use(cors.New(cors.Config{
AllowOrigins: []string{"https://foo.com"},
AllowMethods: []string{"PUT", "PATCH"},
AllowHeaders: []string{"Origin"},
ExposeHeaders: []string{"Content-Length"},
AllowCredentials: true,
AllowOriginFunc: func(origin string) bool {
return origin == "https://github.com"
},
MaxAge: 12 * time.Hour,
}))
router.GET("/pads/healthcheck", healthCheck)
router.Run()
}
When using a REST client (Postman) and executing the OPTIONS verb against /pads/healthcheck, the server returns a 404.
What am I doing wrong?
If I have to define a route for OPTIONS, it really limits the usefulness of the library.
I wrote a middleware function to do the cors that seems to be working.
To me, when adding a CORS library to an api project I'm expecting that all routes will be covered by the library. Defining an OPTIONS route means I have do that for every single endpoint on the API which typically if I'm supplying a client-facing api, CORS will be required for all routes.
You are right, cors is listening for options requests, but maybe you are running into https://github.com/gin-contrib/cors/blob/master/config.go#L33
Yep that is EXACTLY what was wrong. My feedback here would be:
Since disallowed origins are returned with a 403, I would suggest if Origin is not present to return a 403 by default, and if AllowAllOrigins is enabled, Ignore the Origin header altogether (since a null/undefined origin would be assumed in the "All Origins")
package main
import (
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
)
func main() {
router := gin.Default()
// same as
// config := cors.DefaultConfig()
// config.AllowAllOrigins = true
// router.Use(cors.New(config))
router.Use(cors.Default())
router.GET("/ping", func(c *gin.Context) {
c.JSON(200, gin.H{
"message": "pong",
})
})
router.Run("0.0.0.0:3000")
}
I receive a 404 with an OPTIONS request as well.
I had a typo in the header Orgin: http://localhost instead of Origin: http://localhost I was sending, sorry for the noise.
You are right, cors is listening for options requests, but maybe you are running into https://github.com/gin-contrib/cors/blob/master/config.go#L33
what does this mean?
Hi Folks,
This appears to still be open, and since I am having the same issue, are there any suggestions to resolving besides writing my own CORS handler (or, I guess, forking and fixing)?
Thanks.
Hi Folks,
This appears to still be open, and since I am having the same issue, are there any suggestions to resolving besides writing my own CORS handler (or, I guess, forking and fixing)?
Thanks.
Found this middleware func from stackoverflow:
func CORSMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")
if c.Request.Method == "OPTIONS" {
c.AbortWithStatus(204)
return
}
c.Next()
}
}
