Cors error #136

Open
juancer opened this issue Feb 5, 2024 · 2 comments

juancer commented Feb 5, 2024

Hello,

I'm having problems with CORS on my backend with the PUT request. This is my conf:

r := gin.Default()
config := cors.DefaultConfig()
config.AllowOrigins = []string{"https://domain1.es", "https://www.domain1.es", "https://domain2.es", "https://www.domain2.es", "http://ip", "https://ip"}
config.AllowCredentials = true
config.AllowMethods = []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"}
config.AllowHeaders = []string{"Origin", "Content-Length", "Content-Type", "Authorization", "user-agent", "X-Requested-With", "Token"}
config.MaxAge = 12 * time.Hour
config.AllowOriginFunc = func(origin string) bool {
	return origin == "https://domain1.es, https://domain2.es, https://www.domain1.es, https://www.domain2.es, http://ip, https://ip"
}
r.Use(cors.New(config))

I'm also trying to manage my OPTIONS request and checking the headers to print them on my console:

r.OPTIONS("/service", func(c *gin.Context) {
	c.Header("Access-Control-Allow-Origin", "https://domain1.es, https://domain2.es, https://www.domain1.es, https://www.domain2.es, http://ip, https://ip")
	c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
	c.Header("Access-Control-Allow-Headers", "Authorization, Content-Type, Origin, Content-Length, user-agent, X-Requested-With, Token")
	c.Header("AllowCredentials", "true")
	fmt.Println("Headers from the request:")

	origin := c.Request.Header.Get("Origin")
	if !isValidOrigin(origin, config.AllowOrigins) {
		c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid CORS origin"})
		return
	}
	c.JSON(http.StatusNoContent, nil)
})

However, when I try to call with the PUT, I'm getting a 403 error in my browser and this message: "CORS missing allow origin" with the PUT request, and, in my console, I only get:
[GIN] 2024/02/05 - 14:23:17 | 204 | 63.98µs | ip | OPTIONS "/service"
(this is the reason why I'm adding the IP to the allow origins)

I have:
GET /service
PUT /service
DELETE /service
OPTIONS /service -> to manage this preflight request

Here is a playground with the full example

Could someone help me to clarify my situation?

Thanks,

Contributor

dbhoot commented Feb 23, 2024

What's the origin your request is coming from? Most likely, the origin doesn't match and the cors middleware is aborting.


jub0bs commented Feb 27, 2024

The callback assigned to AllowOriginFunc is incorrect because

https://domain1.es, https://domain2.es, https://www.domain1.es, https://www.domain2.es, http://ip, https://ip

is not a valid Web-origin value. And because that field, when set, takes precedence over AllowOrigins, the resulting CORS middleware is dysfunctional. cors.New could alert you to such misconfigurations by returning an error result, but it sadly doesn't. To fix your issue, just get rid of AllowOriginFunc in your Config struct.
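
Added example, not part of any comment above and not code from gin-contrib/cors: a stdlib-only Go program showing why a callback that compares the `Origin` header to a comma-joined string can never match, plus the kind of single-origin check the last comment wishes `cors.New` performed. `validateOrigin` and `originAllowed` are hypothetical names, and the precedence rule in `originAllowed` is modelled on that comment's description, not on the library's source.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// validateOrigin (hypothetical helper) returns an error unless s is exactly one
// serialized Web origin: scheme://host[:port], nothing else.
func validateOrigin(s string) error {
	if strings.ContainsAny(s, ", ") {
		return fmt.Errorf("%q: looks like a list, not a single origin", s)
	}
	u, err := url.Parse(s)
	if err != nil {
		return fmt.Errorf("%q: %v", s, err)
	}
	if (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return fmt.Errorf("%q: want http(s)://host[:port]", s)
	}
	if u.Path != "" || u.RawQuery != "" || u.Fragment != "" || u.User != nil {
		return fmt.Errorf("%q: no path, query, fragment or userinfo allowed", s)
	}
	return nil
}

// originAllowed is a simplified model (an assumption, not the library's code) of
// the precedence described above: a non-nil callback replaces the list lookup.
func originAllowed(origin string, allowOrigins []string, allowOriginFunc func(string) bool) bool {
	if allowOriginFunc != nil {
		return allowOriginFunc(origin)
	}
	for _, o := range allowOrigins {
		if o == origin {
			return true
		}
	}
	return false
}

func main() {
	list := []string{"https://domain1.es", "https://www.domain1.es"} // constructed sample values
	joined := "https://domain1.es, https://www.domain1.es"
	broken := func(o string) bool { return o == joined } // same shape as the callback in the issue
	fmt.Println(originAllowed("https://domain1.es", list, broken)) // false
	fmt.Println(originAllowed("https://domain1.es", list, nil))    // true
	fmt.Println(validateOrigin(joined))                            // non-nil error
}
```

A browser sends exactly one origin in the `Origin` header, so the callback has to compare against individual values; running `validateOrigin` over every configured entry at startup catches the comma-joined form before any request is served.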
