Golang：Gorilla会议不适用于Cors [英] Golang: Gorilla sessions don`t work for cors

问题描述

所以我建立了一个golang休息API。在登录时，我这样做：

  session，_：= store.New（r，sessionId）
 session。 Options.MaxAge = 12 * 3600 
 err：= session.Save（r，w）
 //处理错误
  

，并检查会话我有这样的行事：

  session，err：= store如果session.IsNew {
 http.Error（w，Unauthorized session。，http.StatusUnauthorized）
 return 
 
 
 
 
 
如果我按照邮递员的要求工作正常，但是当我从我的客户我得到401.你们有没有经历过这样的事情？该商店是一个CookieStore。
 
 
 
我已经检查了id，我用一个静态字符串替换了sessionId变量。 Gorilla会话使用大猩猩上下文来注册一个新的请求，当我做邮递员 context.data [r] 的请求不为null时，但是从客户端始终为空 - >总是一个新的会议。
 
 
 
  https://github.com/gorilla/context/blob/master/context.go   - 第33行
 
 
 
它在
 
 
 
  https://github.com /gorilla/sessions/blob/master/sessions.go   - 第122行
 
 
 
 wich用于
 $ b中的CookieStore.Get函数
 $ b 
  https://github.com/gorilla/ session / blob / master / store.go   - 第77行
 
 
编辑1：
对于我使用聚合物的客户端，我也尝试了xmlhttp。 
 Polymer： 
 
 
 < iron-ajax 
 id =ajaxRequest
 auto $ $ b $ url ={{requestUrl}}
 headers ={{requestHeaders}}
 handle-as =json
 on-response =onResponse
 on-error =onError
 content-type =application / json
> 
< / iron-ajax> 
  
和处理程序
  onResponse：function（response）{
 console.log（response.detail.response）; 
 this.items = response.detail.response 
}，
 onError：function（error）{
 console.log（error.detail）
}，
 ready：function（）{
 this.requestUrl =http：// localhost：8080 / api / fingerprint / company /+ getCookie（companyId）; 
 this.requestHeaders = {Set-cookie：getCookie（api_token）} 
} 
  
 
 $ 
 $ b 
和xmlhttp：
  var xmlhttp = new XMLHttpRequest（）; 
 xmlhttp.onreadystatechange = function（）{
 if（xmlhttp.readyState == XMLHttpRequest.DONE）{
 if（xmlhttp.status == 200）{
 // do stuff 
} else if（xmlhttp.status == 401）{
 page.redirect（/ unauthorized）
} else {
 page.redirect（/ error）$ （GET，http：// localhost：8080 / api / fingerprint / company /+ getCookie（b 
 
 
 
 
 
 xmlhttp.open companyId），TRUE）; 
 xmlhttp.setRequestHeader（Set-cookie，getCookie（api_token））; 
 xmlhttp.send（）; 
  
编辑2：
 
 
 
使用fiddler进行调试（感谢您的建议），我发现postman的请求有一个粗体条目 Cookies / Login ，并且来自客户端的请求没有。任何想法如何获得/设置该值？它以某种方式在Postman中自动设置。在身份验证请求中，我得到一个set-cookie头，其中包含我需要的所有数据，但我无法在客户端上获取它。我得到拒绝获取不安全的标头设置cookie 。
解决方案
问题在于，在客户端中，请求需要具有 withCredentials = true ，然后浏览器处理所有事情。它从 set-cookie 标头获取cookie，并通过 cookie 标头发送cookie。毕竟，这不是大猩猩会议的问题。
 
So I have set up a golang rest api. And on login I do this:
session, _ := store.New(r, sessionId)
session.Options.MaxAge = 12 * 3600
err := session.Save(r, w)
//treat error
and for checking the session i have smth like this:
    session, err := store.Get(r, sessionId)
    //treat error
    if session.IsNew {
        http.Error(w, "Unauthorized session.", http.StatusUnauthorized)
        return
    }
If I do the requests from postman it works fine, but when I do them from my client I get 401. Has any of you experienced something like this? The store is a CookieStore.

I already checked the id's, I replaced sessionId variable with a static string. Gorilla session uses gorilla context to register a new request and when I do the request from postman context.data[r] is not null, but from the client it is always null -> always a new session.

https://github.com/gorilla/context/blob/master/context.go - line 33

it is called in

https://github.com/gorilla/sessions/blob/master/sessions.go - line 122

wich is used in the CookieStore.Get function in

https://github.com/gorilla/sessions/blob/master/store.go - line 77

EDIT 1:
For the client I use polymer and I tried xmlhttp too.
Polymer:
<iron-ajax
  id="ajaxRequest"
  auto
  url="{{requestUrl}}"
  headers="{{requestHeaders}}"
  handle-as="json"
  on-response="onResponse"
  on-error="onError"
  content-type="application/json"
  >
</iron-ajax>
and the handlers
  onResponse: function(response){
    console.log(response.detail.response);
    this.items = response.detail.response
  },
  onError: function(error){
    console.log(error.detail)
  },
  ready: function(){
    this.requestUrl = "http://localhost:8080/api/fingerprint/company/" + getCookie("companyId");
    this.requestHeaders = {"Set-cookie": getCookie("api_token")}
  }
and the cookie successfully reaches the backend.

And xmlhttp:
  var xmlhttp = new XMLHttpRequest();
  xmlhttp.onreadystatechange = function() {
    if (xmlhttp.readyState == XMLHttpRequest.DONE ) {
      if(xmlhttp.status == 200){
        //do stuff
      }else if(xmlhttp.status == 401){
        page.redirect("/unauthorized")
      }else{
        page.redirect("/error")
      }
    }
  }

  xmlhttp.open("GET","http://localhost:8080/api/fingerprint/company/" + getCookie("companyId"),true);
  xmlhttp.setRequestHeader("Set-cookie", getCookie("api_token"));
  xmlhttp.send();
EDIT 2:

So I tried debugging with fiddler(thanks for the suggestion) and i found out that the request from postman has an bold entry Cookies / Login and the request from the client does not. Any idea how to get/set that value? It is somehow automatically set in Postman. In the authentication request I get a set-cookie header that has all the data that I need but I can't get it on the client. I get Refused to get unsafe header set-cookie.
解决方案
The problem is that in the client the requests need to have withCredentials = true and after that the browser deals with everything. It gets the cookie from the set-cookie header and it sends the cookies via the cookie header. So, after all, it was not a gorilla sessions problem.

                        
这篇关于Golang：Gorilla会议不适用于Cors的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！