
A solution for CORS cross-domain requests

Popularity:211 ℃/2025-03-16 21:36:51

Problems like this rarely come up in daily work. They usually appear when you build a new system, or a second system, that needs to reuse some front-end and back-end capabilities of an existing one, and the browser then blocks the cross-domain requests.

Here is a server-based solution. For other solutions, consult further material and try out some front-end and back-end interactions on a minimal site.

 

First, what is CORS cross-domain interception?

When a browser calls the server across domains, it actually sends two requests. The first is an OPTIONS preflight request, which determines whether the cross-domain call is allowed.

If this exchange is allowed, the browser lets the second, real request through.

Note: These issues are quite complicated. What I describe and know about the details may not be accurate; most of it is practical engineering experience.

Knowing this principle, you will naturally know the solution.

As long as the browser's first HTTP OPTIONS exchange with the service chain completes OK, the cross-domain request is let through.

 

A solution based on service adaptation

First, a minimal interaction architecture diagram: the browser sends its request to the outermost gateway, which then forwards it to the specific server.

+-------------+        +-------------+        +--------------------+
|  Browser    | <----> | Gateway     | <----> |  Server            |
+-------------+        +-------------+        +--------------------+

We now roughly know what the CORS problem is. We just need to ensure that the browser client's HTTP OPTIONS request to the Gateway is OK.

If the complete link from Gateway to Server is then OK as well, the problem is solved.

This involves some details of HTTP protocol interaction. For those, ask ChatGPT or consult reference material.

Here is a workable minimal template for a server responding to OPTIONS requests:

.... All requests enter here (highest-priority interceptor); the server handles the protocol as follows

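// Written for a net/http handler: w is the http.ResponseWriter, r is the *http.Request
// (import "net/http").
// All CORS headers are added by default, and cross-domain access is allowed by default.
// Caveat: echoing any Origin together with Allow-Credentials "true" lets every site send
// cookie-bearing requests and read the responses; restrict this to known origins in production.
        origin := r.Header.Get("Origin")
        if origin == "" {
            origin = "*"
        }
        w.Header().Set("Access-Control-Allow-Origin", origin) // All sources are allowed
        w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, UPDATE")
        w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization")
        w.Header().Set("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Cache-Control, Content-Language, Content-Type")
        w.Header().Set("Access-Control-Allow-Credentials", "true") // Allow cross-domain carrying cookies

// Process preflight request: answer it here and stop, without running business logic
        if r.Method == http.MethodOptions {
            w.WriteHeader(http.StatusNoContent)
            return
        }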
 
... Then go to the specific business service-related logic.

The Gateway also needs the same change, and the idea is similar. But knowing is easy and doing is hard, and that holds in every field.
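A stricter variant of the template above, as an added example that is not code from the original post: it echoes the Origin and enables credentials only for origins on an allowlist, instead of for every caller. It assumes plain net/http middleware; the names CORS, probe and allowedOrigins and the example.com hosts are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// allowedOrigins is a constructed allowlist; list only the front ends you trust.
var allowedOrigins = map[string]bool{"https://app.example.com": true}

// CORS wraps next and grants cross-origin access only to allowlisted origins.
func CORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		allowed := allowedOrigins[origin]
		w.Header().Add("Vary", "Origin") // caches must not reuse a response across origins
		if allowed {
			w.Header().Set("Access-Control-Allow-Origin", origin)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
			w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
			w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization")
		}
		if r.Method == http.MethodOptions { // preflight: answered here, never reaches business logic
			if !allowed { // unlisted or missing Origin: refuse, and send no CORS headers
				w.WriteHeader(http.StatusForbidden)
				return
			}
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one constructed request through CORS and returns the status and Allow-Origin header.
func probe(method, origin string) (int, string) {
	business := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") })
	req := httptest.NewRequest(method, "http://api.example.com/data", nil)
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	CORS(business).ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Access-Control-Allow-Origin")
}

func main() {
	fmt.Println(probe(http.MethodOptions, "https://app.example.com"))   // listed origin
	fmt.Println(probe(http.MethodOptions, "https://other.example.net")) // unlisted origin
}
```

A real request from an unlisted origin still reaches the business handler, but it carries no Access-Control-Allow-Origin header, so the browser does not expose the response to the calling page.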