From cb56be9a63c06dbb66aa7072e2e27d483b07c3d6 Mon Sep 17 00:00:00 2001
From: terwer
Date: Sat, 6 Aug 2022 22:50:21 +0800
Subject: [PATCH 1/2] =?UTF-8?q?:art:=20#5589=20=E5=90=8E=E7=AB=AF=E6=9C=8D?= =?UTF-8?q?=E5=8A=A1=E6=94=AF=E6=8C=81CORS=E9=A2=84=E6=A3=80=E8=AF=B7?= =?UTF-8?q?=E6=B1=82=E9=AA=8C=E8=AF=81=20(#5593)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 kernel/server/serve.go | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/kernel/server/serve.go b/kernel/server/serve.go
index 054f41ab8..08e6e1182 100644
--- a/kernel/server/serve.go
+++ b/kernel/server/serve.go
@@ -27,7 +27,6 @@ import (

 "github.com/88250/gulu"
 "github.com/88250/melody"
- "github.com/gin-contrib/cors"
 "github.com/gin-contrib/gzip"
 "github.com/gin-contrib/sessions"
 "github.com/gin-contrib/sessions/cookie"
@@ -42,12 +41,31 @@ import (

 var cookieStore = cookie.NewStore([]byte("ATN51UlxVq1Gcvdf"))

+func CORSMiddleware() gin.HandlerFunc {
+ return func(c *gin.Context) {
+
+ c.Header("Access-Control-Allow-Origin", "*")
+ c.Header("Access-Control-Allow-Credentials", "true")
+ c.Header("Access-Control-Allow-Headers", "origin, Content-Length, Content-Type, Authorization")
+ c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS")
+
+ if c.Request.Method == "OPTIONS" {
+ c.AbortWithStatus(204)
+ return
+ }
+
+ c.Next()
+ }
+}
+
 func Serve(fastMode bool) {
 gin.SetMode(gin.ReleaseMode)
 ginServer := gin.New()
 ginServer.MaxMultipartMemory = 1024 * 1024 * 32 // 插入较大的资源文件时内存占用较大 https://github.com/siyuan-note/siyuan/issues/5023
 ginServer.Use(gin.Recovery())
- ginServer.Use(cors.Default())
+ // 跨域支持验证
+ // ginServer.Use(cors.Default())
+ ginServer.Use(CORSMiddleware())
 ginServer.Use(gzip.Gzip(gzip.DefaultCompression, gzip.WithExcludedExtensions([]string{".pdf", ".mp3", ".wav", ".ogg", ".mov", ".weba", ".mkv", ".mp4", ".webm"})))

 cookieStore.Options(sessions.Options{
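Review bot: The added CORSMiddleware sends `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true` on every response; browsers refuse that pair for credentialed requests, so the credentials header has no effect as written and invites a later change that reflects the request Origin, which would expose cookie-authenticated responses to any site. Because the wildcard already lets any page in the user's browser read responses from routes that need no cookie, I would drop the `c.Header("Access-Control-Allow-Credentials", "true")` line, or replace `*` with an origin checked against an explicit allow-list and add `c.Header("Vary", "Origin")`. The OPTIONS branch also returns 204 for every OPTIONS request, not only for preflights that carry `Access-Control-Request-Method`. The same body is re-added as corsMiddleware in the last hunk of PATCH 2/2, so the point applies there too.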
From 015265abb15490fd1a505a928bb9281524620fbe Mon Sep 17 00:00:00 2001
From: Liang Ding
Date: Sat, 6 Aug 2022 22:56:49 +0800
Subject: [PATCH 2/2] =?UTF-8?q?:art:=20=E5=90=8E=E7=AB=AF=E6=9C=8D?= =?UTF-8?q?=E5=8A=A1=E6=94=AF=E6=8C=81=20CORS=20=E9=A2=84=E6=A3=80?= =?UTF-8?q?=E8=AF=B7=E6=B1=82=E9=AA=8C=E8=AF=81=20https://github.com/siyua?= =?UTF-8?q?n-note/siyuan/pull/5593?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 kernel/server/serve.go | 38 ++++++++++++++++++--------------------
 1 file changed, 18 insertions(+), 20 deletions(-)
diff --git a/kernel/server/serve.go b/kernel/server/serve.go
index 08e6e1182..a974d91a1 100644
--- a/kernel/server/serve.go
+++ b/kernel/server/serve.go
@@ -41,31 +41,12 @@ import (

 var cookieStore = cookie.NewStore([]byte("ATN51UlxVq1Gcvdf"))

-func CORSMiddleware() gin.HandlerFunc {
- return func(c *gin.Context) {
-
- c.Header("Access-Control-Allow-Origin", "*")
- c.Header("Access-Control-Allow-Credentials", "true")
- c.Header("Access-Control-Allow-Headers", "origin, Content-Length, Content-Type, Authorization")
- c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS")
-
- if c.Request.Method == "OPTIONS" {
- c.AbortWithStatus(204)
- return
- }
-
- c.Next()
- }
-}
-
 func Serve(fastMode bool) {
 gin.SetMode(gin.ReleaseMode)
 ginServer := gin.New()
 ginServer.MaxMultipartMemory = 1024 * 1024 * 32 // 插入较大的资源文件时内存占用较大 https://github.com/siyuan-note/siyuan/issues/5023
 ginServer.Use(gin.Recovery())
- // 跨域支持验证
- // ginServer.Use(cors.Default())
- ginServer.Use(CORSMiddleware())
+ ginServer.Use(corsMiddleware()) // 后端服务支持 CORS 预检请求验证 https://github.com/siyuan-note/siyuan/pull/5593
 ginServer.Use(gzip.Gzip(gzip.DefaultCompression, gzip.WithExcludedExtensions([]string{".pdf", ".mp3", ".wav", ".ogg", ".mov", ".weba", ".mkv", ".mp4", ".webm"})))

 cookieStore.Options(sessions.Options{
@@ -379,3 +360,20 @@ func shortReqMsg(msg []byte) []byte {
 }
 return msg
 }
+
+func corsMiddleware() gin.HandlerFunc {
+ return func(c *gin.Context) {
+
+ c.Header("Access-Control-Allow-Origin", "*")
+ c.Header("Access-Control-Allow-Credentials", "true")
+ c.Header("Access-Control-Allow-Headers", "origin, Content-Length, Content-Type, Authorization")
+ c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS")
+
+ if c.Request.Method == "OPTIONS" {
+ c.AbortWithStatus(204)
+ return
+ }
+
+ c.Next()
+ }
+}
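Review bot: corsMiddleware is added with no comment and with bare literals, so the reader has to infer that the early return is the preflight path. `"OPTIONS"` and `204` would read better as `http.MethodOptions` and `http.StatusNoContent`, assuming net/http is already imported in serve.go, which this hunk does not show. The empty line directly after `return func(c *gin.Context) {` is stray. A comment such as `// corsMiddleware sets permissive CORS headers on every response and answers OPTIONS requests with 204 without running later handlers.` would record the intent that the comment at the Use call only links to.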