跨域处理(CORS)中间件
CORS(跨域资源共享)中间件用于允许或限制前端应用从不同源访问后端 API,是现代 Web API 开发的常用需求。通过合理配置 CORS,可以提升安全性、兼容性和开发效率。
启用跨域
使用默认策略
cangjie
import spire_web_http.*
import spire_web_cors.*
import spire_web_hosting.*
import spire_web_routing.*
import spire_extensions_injection.*
main(args: Array<String>) {
let builder = WebHost.createBuilder()
builder.services.addRouting()
builder.services.addCors { options =>
options.addDefaultPolicy { policy =>
policy.withOrigins("https://cangjie-lang.cn")
.withMethods(HttpMethods.Post)
.withHeaders(HeaderNames.ContentType)
}
}
let host = builder.build()
host.useCors()
host.map("hello") {context =>
context.response.write("hello")
}
host.run()
return 0
}使用具名策略
此时上下是等价的,将命名策略作为默认策略
cangjie
main(args: Array<String>) {
let builder = WebHost.createBuilder()
builder.services.addRouting()
builder.services.addCors { options =>
options.addPolicy("dev") { policy =>
policy.withOrigins("https://cangjie-lang.cn")
.withMethods(HttpMethods.Post)
.withHeaders(HeaderNames.ContentType)
}
}
let host = builder.build()
// 将具名策略设置为默认策略
host.useCors("dev")
host.map("hello") {context =>
context.response.write("hello")
}
host.run()
return 0
}具名策略不作为默认策略
cangjie
main(args: Array<String>) {
let builder = WebHost.createBuilder()
builder.services.addRouting()
builder.services.addCors { options =>
options.addPolicy("dev") { policy =>
policy.withOrigins("https://cangjie-lang.cn")
.withMethods(HttpMethods.Post)
.withHeaders(HeaderNames.ContentType)
}
}
let host = builder.build()
host.useCors()
// 指定该终结点使用具名策略
host.map("hello") {context =>
context.response.write("hello")
}.requireCors("dev")
host.run()
return 0
}验证跨域
我们可以通过curl来进行验证
bash
curl --location --request OPTIONS 'http://127.0.0.1:5000/hello' \
--header 'Origin: https://cangjie-lang.cn' \
--header 'Access-Control-Request-Method: DELETE' \
--header 'Access-Control-Request-Headers: Content-Type, Authorization'