写法一 kratos官方实现
kratos官方示例
StackOverflow上的讨论
编写文档时kratos版本为v2.7.0
import (
...
"github.com/go-kratos/kratos/v2/transport/http"
"github.com/gorilla/handlers"
)
func NewHTTPServer(...) *http.Server {
var opts = []http.ServerOption{
http.Middleware(
...,
),
}
opts = append(opts, http.Network("0.0.0.0"))
opts = append(opts, http.Address("8080"))
opts = append(opts, http.Timeout(...))
opts = append(opts, http.Filter(handlers.CORS(
handlers.AllowedOrigins([]string{"*"}),
handlers.AllowedMethods([]string{"GET", "POST"}),
handlers.AllowedHeaders([]string{"Content-Type", "Authorization"}),
)))
srv := http.NewServer(opts...)
xxx.RegisterxxxHTTPServer(srv, xxx)
return srv
}
注意事项:
- AllowedMethods 不需要显式包含OPTIONS,这是 CORS 处理程序的一部分;
- AllowedHeaders的*不是有效的通配符,gorilla框架没有实现。Content-Type是发送json请求时用到的请求头,Authorization是进行权限认证时用到的请求头,都加上;
- *是AllowedOrigin的默认值。
写法二 基于kratos中间件
中间件代码:
//MiddlewareCors 设置跨域请求头
func MiddlewareCors() middleware.Middleware {
return func(handler middleware.Handler) middleware.Handler {
return func(ctx context.Context, req interface{}) (interface{}, error) {
if ts, ok := transport.FromServerContext(ctx); ok {
if ht, ok := tr.(http.Transporter); ok {
ht.ReplyHeader().Set("Access-Control-Allow-Origin", "*")
ht.ReplyHeader().Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,PATCH,DELETE")
ht.ReplyHeader().Set("Access-Control-Allow-Credentials", "true")
ht.ReplyHeader().Set("Access-Control-Allow-Headers", "Content-Type,"+
"X-Requested-With,Access-Control-Allow-Credentials,User-Agent,Content-Length,Authorization")
}
return handler(ctx, req)
}
}
}
注册中间件
func NewHTTPServer(...) *http.Server {
var opts = []http.ServerOption{
http.Middleware(
...,
//注册中间件
selector.Server(MiddlewareCors()).Build(),
...,
),
}
opts = append(opts, http.Network("0.0.0.0"))
opts = append(opts, http.Address("8080"))
opts = append(opts, http.Timeout(...)
srv := http.NewServer(opts...)
xxx.RegisterxxxHTTPServer(srv, xxx)
return srv
}