Gin: Issue with custom CORS header middleware
I have created a the following middleware function but It doesn't seem to be working properly. When I do an options request I get a 404 and I get http: multiple response.WriteHeader calls in my console.
func CORSMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
c.Writer.Header().Set("Content-Type", "application/json")
c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
if c.Req.Method == "OPTIONS" {
fmt.Println("options")
c.Abort(200)
return
}
// c.Next()
}
}
I have mounted it as the before anything else with the following.
r.Use(CORSMiddleware())
mattatcha
All 29 comments
What gin/go versions are you on? Can you please post a complete, runnable example? This[0] works fine for me.
[0] https://gist.github.com/alexandernyquist/94580423363d3ec95fa8
pinscript
on 3 Jul 2014
@alexandernyquist I am using the newest version of gin and I am on go1.3 darwin/amd64. (I just did go get -u . before sending this)
Also I have given you and @manucorporat read permissions to the repo. I think there may be too hard to get a runnable example without the rest of the app.
I think the only dependency the app has is Rethinkdb.
Routes: https://github.com/Lanciv/GoGradeAPI/blob/master/handlers/routes.go
Main: https://github.com/Lanciv/GoGradeAPI/blob/master/main.go
mattatcha
on 3 Jul 2014
Thanks for the access, however I only have access to a Windows machine at the moment.
I'll see if I can get a VirtualBox running this weekend.
pinscript
on 3 Jul 2014
"http: multiple response.WriteHeader calls" will be fixed soon with this: https://github.com/gin-gonic/gin/pull/16
Anyway I think that message is just a warning, it guess it should work.
It's incredible that the standard library do not provide any way to know the current status code.
manucorporat
on 3 Jul 2014
@alexandernyquist I'll get a VM up for you real quick.
mattatcha
on 3 Jul 2014
@manucorporat Well I get a 404 and the headers aren't set at all :/
mattatcha
on 3 Jul 2014
Can you guys do a quick review of this: https://github.com/gin-gonic/gin/issues/24 ? once this is merged, your bug can be fixed easily.
manucorporat
on 3 Jul 2014
@manucorporat I switched to that commit but I am getting the same error.
mattatcha
on 3 Jul 2014
Of course! that commit do not fix it, but I need to merge that first :)
manucorporat
on 3 Jul 2014
@manucorporat Do you know when you will have it done?
mattatcha
on 3 Jul 2014
@alexandernyquist Would you still like me to get you a vm to test with?
mattatcha
on 3 Jul 2014
@alexandernyquist I just tested your gist and it is returning a 404 to OPTIONS.
mattatcha
on 3 Jul 2014
it will be fixed today!
manucorporat
on 3 Jul 2014
@MattAitchison Have you added route for OPTIONS? Unfortunately, there is no OPTIONS-method in the current master branch (PR coming).
Patching gin.go with a OPTIONS-method:
func (group *RouterGroup) OPTIONS(path string, handlers ...HandlerFunc) {
group.Handle("OPTIONS", path, handlers)
}
And registering the route:
r.OPTIONS("", func (g *gin.Context) {
g.JSON(200, gin.H{"foo":"bar"})
})
Will work.
pinscript
on 3 Jul 2014
@alexandernyquist Well I would like to handle OPTIONS inside my middleware. I don't believe I should have to mount the middleware and add a route for OPTIONS. I have added the following route which has fixed the problem for now. I hope it's only temporary.
r.Handle("OPTIONS", "/*cors", []gin.HandlerFunc{CORSMiddleware()})
It looks like the 404 handler sends a 404 before my OPTIONS middleware can write.
mattatcha
on 3 Jul 2014
Ah, I was a bit too quick there. I'll check it out when I get home.
pinscript
on 3 Jul 2014
Just an update, this is already fixed in my local repo
manucorporat
on 3 Jul 2014
Can you guys try the develop branch? https://github.com/gin-gonic/gin/commit/e1781e2db10b1c3580837491198ea2f7ef3c0ab4
manucorporat
on 4 Jul 2014
@manucorporat that works like a charm. Nice!
pinscript
on 4 Jul 2014
Works now! Thanks!
mattatcha
on 4 Jul 2014
has someone successful experience with cors?
qwertmax
on 2 Apr 2015
@qwertmax - Super basic approach but works very well.
r.Use(func(c *gin.Context) {
// Run this on all requests
// Should be moved to a proper middleware
c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type,Token")
c.Next()
})
r.OPTIONS("/*cors", func(c *gin.Context) {
// Empty 200 response
})
nazwa
on 2 Apr 2015
I'm using smth like this right now.
func CORSMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
c.Writer.Header().Set("Access-Control-Allow-Origin", "http://domain.com")
c.Writer.Header().Set("Access-Control-Max-Age", "86400")
c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, UPDATE")
c.Writer.Header().Set("Access-Control-Allow-Headers", "Origin, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
c.Writer.Header().Set("Access-Control-Expose-Headers", "Content-Length")
c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
if c.Request.Method == "OPTIONS" {
fmt.Println("OPTIONS")
c.AbortWithStatus(200)
} else {
c.Next()
}
}
}
r.Use(CORSMiddleware())
Hello I am getting multiple headers on 2 nd request.
shivkumarsingh7
on 17 Aug 2018
@shivkumarsingh7 can you describe a little bit more your problem?
qwertmax
on 17 Aug 2018
I am using middleware with below code
````
func CORSMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
c.Writer.Header().Set("Access-Control-Allow-Origin", "http://domain.com")
c.Writer.Header().Set("Access-Control-Max-Age", "86400")
c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, UPDATE")
c.Writer.Header().Set("Access-Control-Allow-Headers", "Origin, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
c.Writer.Header().Set("Access-Control-Expose-Headers", "Content-Length")
c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
if c.Request.Method == "OPTIONS" {
fmt.Println("OPTIONS")
c.AbortWithStatus(200)
} else {
c.Next()
}
}
}
r.Use(CORSMiddleware())
````
It's working properly with package "github.com/gin-gonic/gin" but When I am changing package to "gopkg.in/gin-gonic/gin.v1" I am getting multiple headers on 2nd request.
shivkumarsingh7
on 18 Aug 2018
@shivkumarsingh7 may be because you receive 2 responses (OPTIONS and than GET/POST/whatever) ?
qwertmax
on 18 Aug 2018
@qwertmax apart from the option and one get, post, put or delete I am getting header twice in one response only
shivkumarsingh7
on 18 Aug 2018
Deal with http OPTIONS method currently:
engine := gin.Default() // return *gin.Engine
engine.Use(CorsMW) // incomplete
group := engine.Group("/prefix") // return *gin.RouterGroup
group.GET("/path", handlerFunc)
404 Happend:
engine := gin.Default()
engine := engine.Group("/prefix")
group.Use(CorsMW)
group.GET("/path", handlerFunc)
- Request will be processed by Engine's Middleware before matches the route config.
- Request will be processed by RouterGroup's Middleware after matches the route config.
So we use CorsMiddleware in *gin.Engine will process all CORS correctly.
g10guang
on 2 Sep 2020
Related issues
mdsantosdev
路
30Comments
valyala
路
31Comments
nithinmohan
路
24Comments
ndbroadbent
路
67Comments
ycdg
路
18Comments
Most helpful comment
I'm using smth like this right now.