From a8caf4ad21782f0f4e204363ac26920cd1b8ba10 Mon Sep 17 00:00:00 2001
From: John
Date: Mon, 23 Sep 2019 22:00:04 +0800
Subject: [PATCH] RELEASE updates
---
 .example/net/ghttp/server/cors/cors1.go | 25 ++++++++++++++
 .example/net/ghttp/server/cors/cors2.go | 27 ++++++++++++++++
 .example/net/ghttp/server/cors/cors3.go | 33 +++++++++++++++++++
 RELEASE.2.MD | 5 +--
 net/ghttp/ghttp_response_cors.go | 43 ++++++++++++++-----------
 5 files changed, 113 insertions(+), 20 deletions(-)
 create mode 100644 .example/net/ghttp/server/cors/cors1.go
 create mode 100644 .example/net/ghttp/server/cors/cors2.go
 create mode 100644 .example/net/ghttp/server/cors/cors3.go
diff --git a/.example/net/ghttp/server/cors/cors1.go b/.example/net/ghttp/server/cors/cors1.go
new file mode 100644
index 000000000..e9451ccde
--- /dev/null
+++ b/.example/net/ghttp/server/cors/cors1.go
@@ -0,0 +1,25 @@
+package main
+
+import (
+ "github.com/gogf/gf/frame/g"
+ "github.com/gogf/gf/net/ghttp"
+)
+
+func MiddlewareCORS(r *ghttp.Request) {
+ r.Response.CORSDefault()
+ r.Middleware.Next()
+}
+
+func Order(r *ghttp.Request) {
+ r.Response.Write("GET")
+}
+
+func main() {
+ s := g.Server()
+ s.Group("/api.v1", func(g *ghttp.RouterGroup) {
+ g.Middleware(MiddlewareCORS)
+ g.GET("/order", Order)
+ })
+ s.SetPort(8199)
+ s.Run()
+}
diff --git a/.example/net/ghttp/server/cors/cors2.go b/.example/net/ghttp/server/cors/cors2.go
new file mode 100644
index 000000000..89d480314
--- /dev/null
+++ b/.example/net/ghttp/server/cors/cors2.go
@@ -0,0 +1,27 @@
+package main
+
+import (
+ "github.com/gogf/gf/frame/g"
+ "github.com/gogf/gf/net/ghttp"
+)
+
+func MiddlewareCORS(r *ghttp.Request) {
+ corsOptions := r.Response.DefaultCORSOptions()
+ corsOptions.AllowDomain = []string{"goframe.org", "baidu.com"}
+ r.Response.CORS(corsOptions)
+ r.Middleware.Next()
+}
+
+func Order(r *ghttp.Request) {
+ r.Response.Write("GET")
+}
+
+func main() {
+ s := g.Server()
+ s.Group("/api.v1", func(g *ghttp.RouterGroup) {
+ g.Middleware(MiddlewareCORS)
+ g.GET("/order", Order)
+ })
+ s.SetPort(8199)
+ s.Run()
+}
diff --git a/.example/net/ghttp/server/cors/cors3.go b/.example/net/ghttp/server/cors/cors3.go
new file mode 100644
index 000000000..a95e1250c
--- /dev/null
+++ b/.example/net/ghttp/server/cors/cors3.go
@@ -0,0 +1,33 @@
+package main
+
+import (
+ "net/http"
+
+ "github.com/gogf/gf/frame/g"
+ "github.com/gogf/gf/net/ghttp"
+)
+
+func MiddlewareCORS(r *ghttp.Request) {
+ corsOptions := r.Response.DefaultCORSOptions()
+ corsOptions.AllowDomain = []string{"goframe.org"}
+ if !r.Response.CORSAllowedOrigin(corsOptions) {
+ r.Response.WriteStatus(http.StatusForbidden)
+ return
+ }
+ r.Response.CORS(corsOptions)
+ r.Middleware.Next()
+}
+
+func Order(r *ghttp.Request) {
+ r.Response.Write("GET")
+}
+
+func main() {
+ s := g.Server()
+ s.Group("/api.v1", func(g *ghttp.RouterGroup) {
+ g.Middleware(MiddlewareCORS)
+ g.GET("/order", Order)
+ })
+ s.SetPort(8199)
+ s.Run()
+}
diff --git a/RELEASE.2.MD b/RELEASE.2.MD
index b2e8f8073..35f9e0488 100644
--- a/RELEASE.2.MD
+++ b/RELEASE.2.MD
@@ -1,6 +1,6 @@
-# `v1.9.0`
+# `v1.9.3`
-该版本实际为`v2.0.0`的大版本发布,为避免`go module`机制严格要求`v2`版本以上需要修改`import`并加上`v2`后缀,因此使用了`v1.9.0`进行发布。
+该版本实际为`v2.0`的大版本发布,为避免`go module`机制严格要求`v2`版本以上需要修改`import`并加上`v2`后缀,因此使用了`v1.9`版本进行发布。
 ## 新特性
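Review bot: In cors3.go, MiddlewareCORS answers 403 whenever `CORSAllowedOrigin` returns false, and that method returns false for a request that carries no `Origin` header, so same-origin page loads and non-browser clients that omit the header are rejected along with disallowed sites. If only cross-site browser calls are meant to be filtered, apply the check only when the header is present, e.g. `if r.Header.Get("Origin") != "" && !r.Response.CORSAllowedOrigin(corsOptions) {`. The example should also carry a comment that `Origin` is supplied by the client, so this check constrains browsers and does not replace authenticating the caller.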
@@ -29,6 +29,7 @@ 1. `ghttp` - 改进`Request`参数解析方式:https://goframe.org/net/ghttp/request + - 改进跨域请求功能,新增`Origin`设置及校验功能:https://goframe.org/net/ghttp/cors - `Cookie`及`Session`的`TTL`配置数据类型修改为`time.Duration`; - 新增允许同时通过`Header/Cookie`传递`SessionId`; - 新增`ConfigFromMap/SetConfigWithMap`方法,支持通过`map`参数设置WebServer;
diff --git a/net/ghttp/ghttp_response_cors.go b/net/ghttp/ghttp_response_cors.go
index b3676ff21..c21cb6a98 100644
--- a/net/ghttp/ghttp_response_cors.go
+++ b/net/ghttp/ghttp_response_cors.go
@@ -35,7 +35,9 @@ func (r *Response) DefaultCORSOptions() CORSOptions {
 AllowHeaders: "Origin, X-Requested-With, Content-Type, Accept, Key",
 MaxAge: 3628800,
 }
- if referer := r.request.Referer(); referer != "" {
+ if origin := r.Header().Get("Origin"); origin != "" {
+ options.AllowOrigin = origin
+ } else if referer := r.request.Referer(); referer != "" {
 if p := gstr.PosR(referer, "/", 6); p != -1 {
 options.AllowOrigin = referer[:p]
 } else {
@@ -48,25 +50,9 @@ func (r *Response) DefaultCORSOptions() CORSOptions {
 // CORS sets custom CORS options.
 // See https://www.w3.org/TR/cors/ .
 func (r *Response) CORS(options CORSOptions) {
- if options.AllowDomain != nil {
- origin := r.request.Header.Get("Origin")
- if origin == "" {
- return
- }
- parsed, err := url.Parse(origin)
- if err != nil {
- return
- }
- for _, v := range options.AllowDomain {
- if gstr.IsSubDomain(parsed.Host, v) {
- r.Header().Set("Access-Control-Allow-Origin", origin)
- break
- }
- }
- } else if options.AllowOrigin != "" {
+ if r.CORSAllowedOrigin(options) {
 r.Header().Set("Access-Control-Allow-Origin", options.AllowOrigin)
 }
-
 if options.AllowCredentials != "" {
 r.Header().Set("Access-Control-Allow-Credentials", options.AllowCredentials)
 }
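Review bot: The new branch in DefaultCORSOptions reads the origin with `r.Header().Get("Origin")`, but in this file `r.Header()` is the response header map (CORS writes `Access-Control-Allow-Origin` through it), so the lookup is presumably always empty and the code still falls through to the Referer. The request value is read as `r.request.Header.Get("Origin")` in CORSAllowedOrigin, and the same call belongs here: `if origin := r.request.Header.Get("Origin"); origin != "" {`. Because this default echoes whatever origin the client sends, the doc comment should state that it suits only endpoints that are safe to expose to any site, particularly if the defaults also enable credentials (not visible in this hunk). The function starts and ends outside the hunk.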
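Review bot: After the AllowDomain check passes, CORS now writes `options.AllowOrigin`, whereas the removed code wrote the request `Origin` it had just validated, so a caller who fills CORSOptions by hand, or whose AllowOrigin came from the Referer fallback, sends a header that does not match the origin that was checked. The old `options.AllowOrigin != ""` guard is gone as well, so an empty value can now be set as `Access-Control-Allow-Origin`. The header should carry the validated origin when AllowDomain is set, be skipped when empty, and be accompanied by `Vary: Origin` so a shared cache does not replay one origin's response to another. The rest of CORS lies outside the hunk.

```go
// … unchanged: CORS doc comment and signature …
	if r.CORSAllowedOrigin(options) {
		allowed := options.AllowOrigin
		if options.AllowDomain != nil {
			// Echo the origin that was checked, not a default derived elsewhere.
			allowed = r.request.Header.Get("Origin")
		}
		if allowed != "" {
			r.Header().Set("Access-Control-Allow-Origin", allowed)
			r.Header().Add("Vary", "Origin")
		}
	}
// … unchanged: Allow-Credentials and the remaining headers …
```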
@@ -84,6 +70,27 @@ func (r *Response) CORS(options CORSOptions) {
 }
 }
+// CORSAllowed checks whether the current request origin is allowed CORS.
+func (r *Response) CORSAllowedOrigin(options CORSOptions) bool {
+ if options.AllowDomain == nil {
+ return true
+ }
+ origin := r.request.Header.Get("Origin")
+ if origin == "" {
+ return false
+ }
+ parsed, err := url.Parse(origin)
+ if err != nil {
+ return false
+ }
+ for _, v := range options.AllowDomain {
+ if gstr.IsSubDomain(parsed.Host, v) {
+ return true
+ }
+ }
+ return false
+}
+
 // CORSDefault sets CORS with default CORS options,
 // which allows any cross-domain request.
 func (r *Response) CORSDefault() {
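Review bot: The doc comment names `CORSAllowed` while the method is `CORSAllowedOrigin`; it should read `// CORSAllowedOrigin reports whether the request's Origin header matches options.AllowDomain.` and state that the method returns true when AllowDomain is nil and false when the request has no Origin. The match is made on `parsed.Host`, which keeps any `:port`, so an origin on a non-default port may fail to match depending on how gstr.IsSubDomain treats the suffix (not visible here); `parsed.Hostname()` avoids that. The scheme is not examined either, so an `http://` origin on an allowed domain passes, which deserves a sentence in the comment for deployments that rely on HTTPS-only origins.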