tboerger
commented
7 years ago You have defined only a route on get?
Open mikepc opened 7 years ago
tboerger
commented
7 years ago You have defined only a route on get?
mikepc
commented
7 years ago If I have to define a route for OPTIONS, it really limits the usefulness of the library.
I wrote a middleware function to do the cors that seems to be working.
To me, when adding a CORS library to an api project I'm expecting that all routes will be covered by the library. Defining an OPTIONS route means I have do that for every single endpoint on the API which typically if I'm supplying a client-facing api, CORS will be required for all routes.
tboerger
commented
7 years ago You are right, cors is listening for options requests, but maybe you are running into https://github.com/gin-contrib/cors/blob/master/config.go#L33
mikepc
commented
7 years ago Yep that is EXACTLY what was wrong. My feedback here would be:
Since disallowed origins are returned with a 403, I would suggest if Origin is not present to return a 403 by default, and if AllowAllOrigins is enabled, Ignore the Origin header altogether (since a null/undefined origin would be assumed in the "All Origins")
mikepc
commented
7 years ago Thank you though, that was precisely what was wrong
ShuyangCao
commented
7 years ago Also confused by this issue. When will the server return a 404?
cnBruceHong
commented
6 years ago +1
LeJane
commented
6 years ago how ?
vzool
commented
5 years ago Guys, I'm really lost!!! How to resolve this issue? Thanks
caiges
commented
4 years ago package main
import (
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
)
func main() {
router := gin.Default()
// same as
// config := cors.DefaultConfig()
// config.AllowAllOrigins = true
// router.Use(cors.New(config))
router.Use(cors.Default())
router.GET("/ping", func(c *gin.Context) {
c.JSON(200, gin.H{
"message": "pong",
})
})
router.Run("0.0.0.0:3000")
}I receive a 404 with an OPTIONS request as well.
caiges
commented
4 years ago I had a typo in the header Orgin: http://localhost instead of Origin: http://localhost I was sending, sorry for the noise.
ipg0
commented
1 year ago You are right, cors is listening for options requests, but maybe you are running into https://github.com/gin-contrib/cors/blob/master/config.go#L33
what does this mean?
cajund
commented
10 months ago Hi Folks,
This appears to still be open, and since I am having the same issue, are there any suggestions to resolving besides writing my own CORS handler (or, I guess, forking and fixing)?
Thanks.
refuse2speak
commented
10 months ago Hi Folks,
This appears to still be open, and since I am having the same issue, are there any suggestions to resolving besides writing my own CORS handler (or, I guess, forking and fixing)?
Thanks.
Found this middleware func from stackoverflow:
func CORSMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")
if c.Request.Method == "OPTIONS" {
c.AbortWithStatus(204)
return
}
c.Next()
}
}
Here is my main app code:
When using a REST client (Postman) and executing the OPTIONS verb against /pads/healthcheck, the server returns a 404.
What am I doing wrong?