Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't get CORS filter to work #458

Closed
kodiakdev opened this issue Nov 26, 2020 · 5 comments
Closed

Can't get CORS filter to work #458

kodiakdev opened this issue Nov 26, 2020 · 5 comments

Comments

@kodiakdev
Copy link

kodiakdev commented Nov 26, 2020
edited
Loading

First of all, thank you for this amazing framework. It's very mature and I rarely encounter any concerning issue.

I've read the issues (if not all) related on the CORS in this repo. But it seems that I can't get it to work.
Here are my research & efforts:

  1. I've tried adding filter on ws with this How to enable CORS #27 (comment)
  2. Tried adding filter on ws container (restful.DefaultContainer) level with this How to enable CORS #27 (comment)
  3. Tried both add filter on ws and ws container
  4. I've even tried adding filter on each api as per this post How to enable CORS #27 (comment)

Currently my code is something like this (unrelated code is omitted):

    func runServer() {
        //....

        ws := new(restful.WebService)
	authFilter := filter.NewAuthFilter(envConfig.AuthSecretKey)
	endpointRegistration := &api.EndpointRegistration{
                // ...
		WebService:             ws,
	}

	api.RegisterEndpoint(endpointRegistration)

	defaultContainer := restful.DefaultContainer
	cors := restful.CrossOriginResourceSharing{
		ExposeHeaders:  []string{"*"},
		AllowedHeaders: []string{"*"},
		AllowedDomains: []string{"localhost", "my-domain.com"},
		AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD"},
		CookiesAllowed: false,
		Container:      defaultContainer,
	}
	defaultContainer.Filter(cors.Filter)
	defaultContainer.Filter(defaultContainer.OPTIONSFilter)

	defaultContainer.Add(ws)
        err = http.ListenAndServe(svcAddress, defaultContainer)
        // ....
    }

Anything I missed here?
The go.mod content:

        github.com/emicklei/go-restful v2.13.0+incompatible
	github.com/emicklei/go-restful-openapi v1.3.0

Btw I use docker-compose to simulate cross origin and to see if CORS issue still happen.

Also, probably a bit diverge from scope, but I noticed during CORS debugging, that the trace logger (#139 (comment)) won't work if I use restful.DefaultContainer

Thanks in advance.
@emicklei
Copy link
Owner

emicklei commented Dec 8, 2020

Thank you for reporting this. I will dive into this problem soon.

@weijunji
Copy link

I think the problem is the AllowedHeaders: []string{"*"}, when I set AllowedHeaders: []string{"content-type"}, it works.

go-restful/cors_filter.go

Line 182 in 8dd9eb8

func (c CrossOriginResourceSharing) isValidAccessControlRequestHeader(header string) bool {

In this function, it is better to support "*".

@emicklei
Copy link
Owner

@weijunji thank you for getting back on this ; I will make the change you suggested

@emicklei
Copy link
Owner

have a look at #463 . I will create a test before merging it

@emicklei
Copy link
Owner

it will be included in the next version

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@emicklei @weijunji @kodiakdev