使用Golang、Revel处理印前检查请求

Question

我用Golang + Revel框架制作了API应用程序

现在我尝试从前端应用程序发送http请求，这是由vue.js制作的。

但是由于cors，PUT方法不能被处理。(POST方法现在工作得很好)

在revel中，我认为我们可以在app/init.go文件中设置header，如下所示

var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) {
c.Response.Out.Header().Add("X-Frame-Options", "SAMEORIGIN")
c.Response.Out.Header().Add("X-XSS-Protection", "1; mode=block")
c.Response.Out.Header().Add("X-Content-Type-Options", "nosniff")
c.Response.Out.Header().Add("Referrer-Policy", "strict-origin-when-cross-origin")

// Add them by myself
c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Origin, Content-Type, Accept")
c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
c.Response.Out.Header().Add("Access-Control-Allow-Method", "POST, GET, OPTIONS, PUT, DELETE")
c.Response.Out.Header().Add("Content-Type", "application/json; charset=UTF-8")

fc[0](c, fc[1:]) // Execute the next filter stage.

但是我仍然从API中得到了404错误，请求方法显示为OPTIONS。

如何将request header设置为enable，以处理每个请求？

Answer 1

在revel.PanicFilter之前添加筛选器

revel.Filters = []revel.Filter{
        ValidateOrigin,
        revel.PanicFilter,             // Recover from panics and display an error page instead.
        revel.RouterFilter,            // Use the routing table to select the right Action
        revel.FilterConfiguringFilter, // A hook for adding or removing per-Action filters.
        revel.ParamsFilter,            // Parse parameters into Controller.Params.
        IpLimitFilter,
        revel.SessionFilter,           // Restore and write the session cookie.
        revel.FlashFilter,             // Restore and write the flash cookie.
        revel.ValidationFilter,        // Restore kept validation errors and save new ones from cookie.
        revel.I18nFilter,              // Resolve the requested language
        HeaderFilter,
        revel.InterceptorFilter,       // Run interceptors around the action.
        revel.CompressFilter,          // Compress the result.
        revel.BeforeAfterFilter,       // Call the before and after filter functions
        revel.ActionInvoker,           // Invoke the action.
    }

var ValidateOrigin = func(c *revel.Controller, fc []revel.Filter) {
    if c.Request.Method == "OPTIONS" {
        c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
        c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization") //自定义 Header
        c.Response.Out.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
        c.Response.Out.Header().Add("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type")
        c.Response.Out.Header().Add("Access-Control-Allow-Credentials", "true")
        c.Response.SetStatus(http.StatusNoContent)
        // 截取复杂请求下post变成options请求后台处理方法(针对跨域请求检测)
    } else {
        c.Response.Out.Header().Add("Access-Control-Allow-Headers", "Origin, Content-Type, Accept")
        c.Response.Out.Header().Add("Access-Control-Allow-Origin", "*")
        c.Response.Out.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
        c.Response.Out.Header().Add("Content-Type", "application/json; charset=UTF-8")
        c.Response.Out.Header().Add("X-Frame-Options", "SAMORIGIN")
        c.Response.Out.Header().Add("Vary", "Origin, Access-Control-Request-Method, Access-Control-Request-Headers")

        fc[0](c, fc[1:]) // Execute the next filter stage.
    }
}
...

因为ajax会将简单的请求(单次post)请求转换为二次请求，即先发送options请求来判断域名是否被允许，然后再发送真正的请求post来获取结果。