CORS headers problem on a Go server

Now I am writing a simple server on Go using the standard library net/http. The server is placed in a Docker container and placed on Google Cloud Platform. But when I want to access the server from my third-party React application (which is located on a different server), I always get a CORS error.

Looking for solutions online, I added a library to my code, which is designed to solve the problem of CORS. But adding a library didn't help. Even after its application, the server does not send me CORS headers. What code do I have now?

package main

import (
    controller "./controllers"
    "./util"
    "github.com/gorilla/mux"
    "github.com/rs/cors"
    "log"
    "net/http"
    //"os"
)

// Entry point
func main() {
    c := cors.New(cors.Options{
        AllowedOrigins: []string{"*"}, // All origins
        AllowedMethods: []string{"GET"}, // Allowing only get, just an example
        AllowedHeaders: []string{"Authorization", "Content-Type"},
        AllowCredentials: true,
        Debug: true,
    })

    r := mux.NewRouter()
    // Router
    // Live check
    r.HandleFunc("/live", controller.LiveCheck)
    apiRouter := r.PathPrefix("/api").Subrouter()
    // Medication data
    medicationRouter := apiRouter.PathPrefix("/medication").Subrouter()
    medicationRouter.HandleFunc("", controller.MedicationHeadersList).Methods("GET")
    medicationRouter.HandleFunc("/{id}", controller.MedicationChildrenList).Methods("GET")
    medicationRouter.HandleFunc("/{id}/leafs", controller.MedicationLeafsList).Methods("GET")
    medicationRouter.HandleFunc("/search/", controller.SearchMedicationList).Methods("GET")
    medicationRouter.HandleFunc("/result/{id}", controller.MedicationSearchResult).Methods("GET")

    //r.Use(util.CORS)
    apiRouter.Use(util.VerifyToken)

    log.Println(http.ListenAndServe(":8080", c.Handler(r)))
}

Here is the answer I get from the up-point in the browser console:

Request Method: OPTIONS
Status Code: 200 OK
Remote Address: 35.190.37.37:80
Referrer Policy: no-referrer-when-downgrade
Content-Length: 0
Date: Mon, 10 Jun 2019 22:37:36 GMT
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Via: 1.1 google

I also tried to manually set the CORS headers, creating a middleware, but it also did not help. Thanks in advance for your help!

UPD Thank you all for the answers and help. Everything turned out to be much easier. Google did not update my docker container, so all my changes in the code did not give the desired effect. My code, which I gave in the question description, perfectly solves the problem of the CORS. The question can be considered closed.

How are you testing this? When a browser must make a cross-origin request that fails pre-flight conditions, an OPTIONS request gets sent. This OPTIONS request contains a header whose value is the HTTP method being used in the cross-origin request.

I stood up your simplified version of your server and here's some example curl commands and results.

The below request works fine, I've set the Access-Control-Request-Method to GET

curl -I -X OPTIONS -H "Origin: test.com" -H "Access-Control-Request-Method: GET" http://localhost:8080/
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Date: Tue, 11 Jun 2019 02:20:35 GMT
Content-Length: 0

The below request doesn't work without the Access-Control-Request-Method header. Our server may have different CORS settings for GET and POST (etc.), and our server can't communicate that to the client. The client must set the Access-Control-Request-Method header so the server knows how to properly respond.

curl -I -X OPTIONS -H "Origin: test.com" http://localhost:8080/
HTTP/1.1 200 OK
Date: Tue, 11 Jun 2019 02:31:12 GMT
Content-Length: 436
Content-Type: text/html; charset=utf-8

I had this problem too. You can use this code in the development environment.

    c := cors.New(cors.Options{
        AllowedOrigins:   []string{"*"},
        AllowCredentials: true,
        AllowedHeaders:   []string{"Authorization", "Content-Type", "Access-Control-Allow-Origin"},
        AllowedMethods:   []string{"GET", "UPDATE", "PUT", "POST", "DELETE"},
        // Enable Debugging for testing, consider disabling in production
        Debug: true,
    })
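An added example, not code from any of the posts above: a standard-library-only sketch of the non-development counterpart to the wildcard configuration, which echoes an allowlisted origin (browsers reject a credentialed response whose Access-Control-Allow-Origin is `*`) and treats an OPTIONS request as a preflight only when it carries Access-Control-Request-Method, as the curl answer describes. The names `withCORS` and `probe` and both origins are hypothetical; it stands in for `rs/cors` so that it runs offline.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// allowed is a constructed allowlist; the origin is a placeholder.
var allowed = map[string]bool{"https://app.example.com": true}

// withCORS echoes an allowlisted Origin instead of "*" so credentials can be used.
func withCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		w.Header().Add("Vary", "Origin") // the response depends on Origin
		if !allowed[origin] {
			next.ServeHTTP(w, r) // no CORS headers: the browser blocks the read
			return
		}
		w.Header().Set("Access-Control-Allow-Origin", origin)
		w.Header().Set("Access-Control-Allow-Credentials", "true")
		// A preflight is OPTIONS *with* Access-Control-Request-Method.
		if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
			w.Header().Set("Access-Control-Allow-Methods", "GET")
			w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends an OPTIONS request in-process and returns the response headers.
func probe(origin, requestMethod string) http.Header {
	h := withCORS(http.NotFoundHandler())
	req := httptest.NewRequest(http.MethodOptions, "/api/medication", nil)
	req.Header.Set("Origin", origin)
	if requestMethod != "" {
		req.Header.Set("Access-Control-Request-Method", requestMethod)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Result().Header
}

func main() {
	fmt.Println(probe("https://app.example.com", "GET"))
	fmt.Println(probe("https://other.example", "GET"))
}
```

Running the same probes against a deployed build shows whether the middleware is actually in the image being served, which was the root cause reported in the question's update.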