RELEASE updates

2026-06-06 02:25:47 +08:00 · 2019-09-23 22:00:04 +08:00
parent 51d9fe5253
commit a8caf4ad21
5 changed files with 113 additions and 20 deletions
--- a/.example/net/ghttp/server/cors/cors1.go
+++ b/.example/net/ghttp/server/cors/cors1.go
@ -0,0 +1,25 @@
+package main
+
+import (
+	"github.com/gogf/gf/frame/g"
+	"github.com/gogf/gf/net/ghttp"
+)
+
+func MiddlewareCORS(r *ghttp.Request) {
+	r.Response.CORSDefault()
+	r.Middleware.Next()
+}
+
+func Order(r *ghttp.Request) {
+	r.Response.Write("GET")
+}
+
+func main() {
+	s := g.Server()
+	s.Group("/api.v1", func(g *ghttp.RouterGroup) {
+		g.Middleware(MiddlewareCORS)
+		g.GET("/order", Order)
+	})
+	s.SetPort(8199)
+	s.Run()
+}
--- a/.example/net/ghttp/server/cors/cors2.go
+++ b/.example/net/ghttp/server/cors/cors2.go
@ -0,0 +1,27 @@
+package main
+
+import (
+	"github.com/gogf/gf/frame/g"
+	"github.com/gogf/gf/net/ghttp"
+)
+
+func MiddlewareCORS(r *ghttp.Request) {
+	corsOptions := r.Response.DefaultCORSOptions()
+	corsOptions.AllowDomain = []string{"goframe.org", "baidu.com"}
+	r.Response.CORS(corsOptions)
+	r.Middleware.Next()
+}
+
+func Order(r *ghttp.Request) {
+	r.Response.Write("GET")
+}
+
+func main() {
+	s := g.Server()
+	s.Group("/api.v1", func(g *ghttp.RouterGroup) {
+		g.Middleware(MiddlewareCORS)
+		g.GET("/order", Order)
+	})
+	s.SetPort(8199)
+	s.Run()
+}
--- a/.example/net/ghttp/server/cors/cors3.go
+++ b/.example/net/ghttp/server/cors/cors3.go
@ -0,0 +1,33 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/gogf/gf/frame/g"
+	"github.com/gogf/gf/net/ghttp"
+)
+
+func MiddlewareCORS(r *ghttp.Request) {
+	corsOptions := r.Response.DefaultCORSOptions()
+	corsOptions.AllowDomain = []string{"goframe.org"}
+	if !r.Response.CORSAllowedOrigin(corsOptions) {
+		r.Response.WriteStatus(http.StatusForbidden)
+		return
+	}
+	r.Response.CORS(corsOptions)
+	r.Middleware.Next()
+}
+
+func Order(r *ghttp.Request) {
+	r.Response.Write("GET")
+}
+
+func main() {
+	s := g.Server()
+	s.Group("/api.v1", func(g *ghttp.RouterGroup) {
+		g.Middleware(MiddlewareCORS)
+		g.GET("/order", Order)
+	})
+	s.SetPort(8199)
+	s.Run()
+}
--- a/RELEASE.2.MD
+++ b/RELEASE.2.MD
@ -1,6 +1,6 @@
-# `v1.9.0`
+# `v1.9.3`

-该版本实际为`v2.0.0`的大版本发布，为避免`go module`机制严格要求`v2`版本以上需要修改`import`并加上`v2`后缀，因此使用了`v1.9.0`进行发布。
+该版本实际为`v2.0`的大版本发布，为避免`go module`机制严格要求`v2`版本以上需要修改`import`并加上`v2`后缀，因此使用了`v1.9`版本进行发布。

 ## 新特性

@ -29,6 +29,7 @@

 1. `ghttp`
    - 改进`Request`参数解析方式：https://goframe.org/net/ghttp/request
+    - 改进跨域请求功能，新增`Origin`设置及校验功能：https://goframe.org/net/ghttp/cors
    - `Cookie`及`Session`的`TTL`配置数据类型修改为`time.Duration`;
    - 新增允许同时通过`Header/Cookie`传递`SessionId`；
    - 新增`ConfigFromMap/SetConfigWithMap`方法，支持通过`map`参数设置WebServer；
--- a/net/ghttp/ghttp_response_cors.go
+++ b/net/ghttp/ghttp_response_cors.go
@ -35,7 +35,9 @@ func (r *Response) DefaultCORSOptions() CORSOptions {
 		AllowHeaders:     "Origin, X-Requested-With, Content-Type, Accept, Key",
 		MaxAge:           3628800,
 	}
-	if referer := r.request.Referer(); referer != "" {
+	if origin := r.Header().Get("Origin"); origin != "" {
+		options.AllowOrigin = origin
+	} else if referer := r.request.Referer(); referer != "" {
 		if p := gstr.PosR(referer, "/", 6); p != -1 {
 			options.AllowOrigin = referer[:p]
 		} else {
@ -48,25 +50,9 @@ func (r *Response) DefaultCORSOptions() CORSOptions {
 // CORS sets custom CORS options.
 // See https://www.w3.org/TR/cors/ .
 func (r *Response) CORS(options CORSOptions) {
-	if options.AllowDomain != nil {
-		origin := r.request.Header.Get("Origin")
-		if origin == "" {
-			return
-		}
-		parsed, err := url.Parse(origin)
-		if err != nil {
-			return
-		}
-		for _, v := range options.AllowDomain {
-			if gstr.IsSubDomain(parsed.Host, v) {
-				r.Header().Set("Access-Control-Allow-Origin", origin)
-				break
-			}
-		}
-	} else if options.AllowOrigin != "" {
+	if r.CORSAllowedOrigin(options) {
 		r.Header().Set("Access-Control-Allow-Origin", options.AllowOrigin)
 	}
-
 	if options.AllowCredentials != "" {
 		r.Header().Set("Access-Control-Allow-Credentials", options.AllowCredentials)
 	}
@ -84,6 +70,27 @@ func (r *Response) CORS(options CORSOptions) {
 	}
 }

+// CORSAllowed checks whether the current request origin is allowed CORS.
+func (r *Response) CORSAllowedOrigin(options CORSOptions) bool {
+	if options.AllowDomain == nil {
+		return true
+	}
+	origin := r.request.Header.Get("Origin")
+	if origin == "" {
+		return false
+	}
+	parsed, err := url.Parse(origin)
+	if err != nil {
+		return false
+	}
+	for _, v := range options.AllowDomain {
+		if gstr.IsSubDomain(parsed.Host, v) {
+			return true
+		}
+	}
+	return false
+}
+
 // CORSDefault sets CORS with default CORS options,
 // which allows any cross-domain request.
 func (r *Response) CORSDefault() {