package middlewares
import (
"github.com/gin-gonic/gin"
)
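// CORSMiddleware returns a gin handler that sets the CORS response headers and
// answers preflight (OPTIONS) requests with 204.
//
// allowedOrigins is the origin allowlist. An entry equal to the request's
// Origin header is an explicit match; the entry "*" allows every origin.
// Requests for paths under /static or /assets that carry an Origin header are
// always allowed cross-origin.
//
// Access-Control-Allow-Credentials is sent only for an explicit allowlist
// match. Echoing an arbitrary Origin together with credentials would let any
// site read responses using the visitor's cookies or Authorization header, so
// the wildcard entry and the static-path exception grant uncredentialed access
// only.
func CORSMiddleware(allowedOrigins []string) gin.HandlerFunc {
	// underDir reports whether path is dir itself or lies below it. Matching on
	// a segment boundary keeps routes such as "/statics" or "/assets-api" from
	// inheriting the relaxed static-file policy.
	underDir := func(path, dir string) bool {
		if len(path) < len(dir) || path[:len(dir)] != dir {
			return false
		}
		return len(path) == len(dir) || path[len(dir)] == '/'
	}

	return func(c *gin.Context) {
		origin := c.Request.Header.Get("Origin")
		path := c.Request.URL.Path
		header := c.Writer.Header()

		// Static file paths (/static or /assets).
		isStaticPath := underDir(path, "/static") || underDir(path, "/assets")

		allowed := false
		listed := false // origin was named in allowedOrigins, not merely covered by "*"
		for _, o := range allowedOrigins {
			if o == "*" {
				// Keep scanning: a later entry may name this origin explicitly.
				allowed = true
				continue
			}
			if o == origin {
				allowed = true
				listed = origin != ""
				break
			}
		}

		// Static files are always readable cross-origin when an Origin header is present.
		if isStaticPath && origin != "" {
			allowed = true
		}

		// The headers below depend on the request's Origin, so shared caches must
		// not serve a response built for one origin to another.
		header.Add("Vary", "Origin")

		switch {
		case allowed && origin != "":
			header.Set("Access-Control-Allow-Origin", origin)
		case allowed:
			// Allowed request without an Origin header: fall back to "*".
			header.Set("Access-Control-Allow-Origin", "*")
		}

		if listed {
			header.Set("Access-Control-Allow-Credentials", "true")
		}
		header.Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
		header.Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE, PATCH")
		header.Set("Access-Control-Expose-Headers", "Content-Length, Content-Type, Content-Disposition")

		// Preflight requests end here; they never reach the route handlers.
		if c.Request.Method == "OPTIONS" {
			c.AbortWithStatus(204)
			return
		}

		c.Next()
	}
}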