Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Making golang Gorilla CORS handler work

I have fairly simple setup here as described in the code below. But I am not able to get the CORS to work. I keep getting this error:

XMLHttpRequest cannot load http://localhost:3000/signup. Response to preflight request doesn't pass access control check: No 'Access- Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8000' is therefore not allowed access. The response had HTTP status code 403.

I am sure I am missing something simple here.

Here is the code I have:

package main  import (     "log"     "net/http"      "github.com/gorilla/handlers"     "github.com/gorilla/mux"     "myApp/src/controllers" )  func main() {     ac := new(controllers.AccountController)      router := mux.NewRouter()     router.HandleFunc("/signup", ac.SignUp).Methods("POST")     router.HandleFunc("/signin", ac.SignIn).Methods("POST")      log.Fatal(http.ListenAndServe(":3000", handlers.CORS()(router))) } 
like image 832
Moon Avatar asked Dec 06 '16 00:12

Moon


1 Answers

Please read the link Markus suggested, and also about what triggers CORS pre-flight requests.

Pre-flight requests: You may have a content type like JSON, or some other custom header that's triggering a pre-flight request, which your server may not be handling. Try adding this one, if you're using the ever-common AJAX in your front-end: https://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Requested-With

Gorilla's handlers.CORS() will set sane defaults to get the basics of CORS working for you; however, you can (and maybe should) take control in a more functional manner.

Here's some starter code:

// Where ORIGIN_ALLOWED is like `scheme://dns[:port]`, or `*` (insecure) headersOk := handlers.AllowedHeaders([]string{"X-Requested-With"}) originsOk := handlers.AllowedOrigins([]string{os.Getenv("ORIGIN_ALLOWED")}) methodsOk := handlers.AllowedMethods([]string{"GET", "HEAD", "POST", "PUT", "OPTIONS"})  // start server listen // with error handling log.Fatal(http.ListenAndServe(":" + os.Getenv("PORT"), handlers.CORS(originsOk, headersOk, methodsOk)(router))) 
like image 86
jeremiah.trein Avatar answered Sep 21 '22 15:09

jeremiah.trein