Open ErikDz opened 3 years ago
change and try
1.test OPPTIONS curl -X OPTIONS http://localhost:8080/add_project //check? delete -i -H "Access-Control-Request-Method: POST" -H "Access-Control-Request-Headers: content-type" -H "Origin: http://localhost:3000" //check? set incorrect Origin
2.test POST
curl -i -X POST http://localhost:8080/add_project
-H "Access-Control-Request-Method: POST"
-H "Access-Control-Request-Headers: content-type"
-H "Origin: http://localhost:3000" //check? set correct Origin
-d '{ "name": "test" }' //this is jon,you need change this for multipart/form-data correct.
Working as expected. Your issue stems from a misunderstanding of how CORS works. The Access-Control-Allow-Credentials
header is only relevant for credentials that are managed (and automatically added to requests) by the browser, not by the client.
If the client (as opposed to the browser) sets a request header named Authorization
, then the server must list that name in its Access-Control-Allow-Headers
response header. More details in this Stack Overflow answer.
Since that header name is not allowed by this library's default config, you need to explicitly allow it.
Besides, you shouldn't manually set CORS response headers in addition to using a CORS middleware.
Use this:
// cors disable
corsConfig := cors.DefaultConfig()
corsConfig.AddAllowHeaders("Authorization") // Add Authorization to the list of allowed headers
corsConfig.AllowAllOrigins = true
r.Use(cors.New(corsConfig))
@approached That first comment is confusing. Instead, you must have meant
// enable CORS
Description
Having cors configurated in order to accept CORS requests, when sending an multipart/form-data, the following appears: Access to XMLHttpRequest at 'http://localhost:8080/add_project' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
How to reproduce
React code:
Expectations
200 StatusAccepted
Actual result
Access to XMLHttpRequest at 'http://localhost:8080/add_project' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
Environment
go version: go version go1.13.8 linux/amd64 gin version (or commit ref): latest operating system: ubuntu 20.04