Backend Development
Golang
CORS Policy: Response to preflight request fails access control check: No 'Access-Control-Allow-Origin'
CORS Policy: Response to preflight request fails access control check: No 'Access-Control-Allow-Origin'
I use golang and gin-gonic/gin web framework on the backend and react axios on the frontend. I've been trying to solve it for two days and I'm still getting the same error below:
cors policy: response to preflight request doesn't pass access control check: no 'access-control-allow-origin' header is present on the requested resource.
This error only occurs when I try to send a patch request, so that request requires a preflight options request, but everything with get and post works as expected, they don't run any preflight checks.
This is the code for my router configuration:
package main
import (
"book_renting/api"
"log"
"net/http"
"github.com/gin-contrib/sessions"
"github.com/gin-contrib/sessions/cookie"
"github.com/gin-gonic/contrib/cors"
"github.com/gin-gonic/gin"
_ "github.com/lib/pq"
)
func main() {
router := gin.default()
store := cookie.newstore([]byte("your-secret-key"))
store.options(sessions.options{maxage: 60 * 60 * 24})
router.use(cors.default())
router.use(sessions.sessions("sessions", store))
router.use(func(c *gin.context) {
host := c.request.header.get("origin")
c.writer.header().set("access-control-allow-origin", host)
c.writer.header().set("access-control-allow-credentials", "true")
c.writer.header().set("access-control-allow-headers", "content-type, authorization")
c.writer.header().set("access-control-allow-methods", "get, post, put, delete, patch, options")
if c.request.method == "options" {
log.println("handling options request")
c.abortwithstatus(http.statusnocontent)
return
}
log.println("executing cors middleware")
c.next()
})
router.post("/login", api.handlelogin)
router.get("/logout", api.handlelogout)
router.post("/register", api.handleregister)
router.get("/getcookie", api.getcookiesession)
router.get("/books", api.getbooksapi)
router.get("/books/:id", api.bookbyidapi)
router.patch("/rent/:id", api.rentbookapi)
router.patch("/return/:id", api.returnbookapi)
router.run("localhost:3000")
}This is the front end:
import axios from 'axios'
const url = 'http://localhost:3000'
export const loginuser = async (credentials) => await axios.post(`${url}/login`, credentials, {withcredentials: true})
export const logoutuser = async () => await axios.get(`${url}/logout`, {withcredentials: true})
export const registeruser = () => axios.post(`${url}/register`)
export const fetchbooks = () => axios.get(`${url}/books`, { withcredentials: true })
export const fetchbookbyid = (book_id) => axios.get(`${url}/books/${book_id}`, { withcredentials: true })
export const rentbook = (book_id) => axios.patch(`${url}/rent/${book_id}`, { withcredentials: true })
export const returnbook = (book_id) => axios.patch(`${url}/return/${book_id}`, { withcredentials: true })I'm pretty sure I've set up the backend correctly and it should return all the necessary headers.
For example, for a get request, the response headers look like this:
http/1.1 200 ok access-control-allow-credentials: true access-control-allow-headers: content-type, authorization access-control-allow-methods: get, post, put, delete, patch, options access-control-allow-origin: http://localhost:3001 content-type: application/json; charset=utf-8 date: sat, 10 jun 2023 22:12:11 gmt content-length: 495
Although for the patch request attempt I get no response (unsurprisingly) and the preflight response headers are:
http/1.1 200 ok date: sat, 10 jun 2023 22:12:12 gmt content-length: 0
Do you have any suggestions for possible problems? After these two days I have no clue. Thank you in advance!
I also tried adding a title:
c.writer.header().set("access-control-allow-origin", host)
c.writer.header().set("access-control-allow-credentials", "true")
c.writer.header().set("access-control-allow-headers", "content-type, authorization")
c.writer.header().set("access-control-allow-methods", "get, post, put, delete, patch, options")...again in the if statement:
if c.request.method == "options" {
log.println("handling options request")
c.abortwithstatus(http.statusnocontent)
return
}But this doesn't help at all. In fact, this if statement is not executed when the preflight is executed, I know from the console that the server is executing the options request.
[gin] 2023/06/11 - 00:12:13 | 200 | 7.708µs | 127.0.0.1 | options "/rent/2"
edit:
This is the curl command that sends the patch request (so actually this is the preflight options request):
curl 'http://localhost:3000/return/2' \ -x 'options' \ -h 'accept: */*' \ -h 'accept-language: en-us,en;q=0.9,pl-pl;q=0.8,pl;q=0.7' \ -h 'access-control-request-headers: content-type' \ -h 'access-control-request-method: patch' \ -h 'cache-control: no-cache' \ -h 'connection: keep-alive' \ -h 'origin: http://localhost:3001' \ -h 'pragma: no-cache' \ -h 'referer: http://localhost:3001/' \ -h 'sec-fetch-dest: empty' \ -h 'sec-fetch-mode: cors' \ -h 'sec-fetch-site: same-site' \ -h 'user-agent: mozilla/5.0 (macintosh; intel mac os x 10_15_7) applewebkit/537.36 (khtml, like gecko) chrome/114.0.0.0 safari/537.36' \ --compressed
Response to this request:
HTTP/1.1 200 OK Date: Sun, 11 Jun 2023 01:22:57 GMT Content-Length: 0
Correct answer
It turns out you are using a deprecated packagegithub.com/gin-gonic/contrib/cors . You should use github.com/gin-contrib/cors instead. Here is a demo configuration using github.com/gin-contrib/cors:
package main
import (
"github.com/gin-contrib/cors"
"github.com/gin-contrib/sessions"
"github.com/gin-contrib/sessions/cookie"
"github.com/gin-gonic/gin"
)
func main() {
router := gin.default()
config := cors.defaultconfig()
config.addallowheaders("authorization")
config.allowcredentials = true
config.allowallorigins = false
// i think you should whitelist a limited origins instead:
// config.allowallorigins = []{"xxxx", "xxxx"}
config.alloworiginfunc = func(origin string) bool {
return true
}
router.use(cors.new(config))
store := cookie.newstore([]byte("your-secret-key"))
store.options(sessions.options{maxage: 60 * 60 * 24})
router.use(sessions.sessions("sessions", store))
// routes below
router.run("localhost:3000")
}
For some reason, the patch request headers are missing the "cookie" header, even though I used the withcredentials parameter.
axios.patch(`${url}/rent/${book_id}`, { withcredentials: true })
Here { withcredentials: true } is treated as data and has no configuration. If you have no data to send to the server, you should write like this:
axios.patch(`${url}/rent/${book_id}`, null, { withCredentials: true })
The above is the detailed content of CORS Policy: Response to preflight request fails access control check: No 'Access-Control-Allow-Origin'. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1670
14
1428
52
1329
25
1274
29
1256
24
Golang vs. Python: Performance and Scalability
Apr 19, 2025 am 12:18 AM
Golang is better than Python in terms of performance and scalability. 1) Golang's compilation-type characteristics and efficient concurrency model make it perform well in high concurrency scenarios. 2) Python, as an interpreted language, executes slowly, but can optimize performance through tools such as Cython.
Golang and C : Concurrency vs. Raw Speed
Apr 21, 2025 am 12:16 AM
Golang is better than C in concurrency, while C is better than Golang in raw speed. 1) Golang achieves efficient concurrency through goroutine and channel, which is suitable for handling a large number of concurrent tasks. 2)C Through compiler optimization and standard library, it provides high performance close to hardware, suitable for applications that require extreme optimization.
Getting Started with Go: A Beginner's Guide
Apr 26, 2025 am 12:21 AM
Goisidealforbeginnersandsuitableforcloudandnetworkservicesduetoitssimplicity,efficiency,andconcurrencyfeatures.1)InstallGofromtheofficialwebsiteandverifywith'goversion'.2)Createandrunyourfirstprogramwith'gorunhello.go'.3)Exploreconcurrencyusinggorout
Golang vs. C : Performance and Speed Comparison
Apr 21, 2025 am 12:13 AM
Golang is suitable for rapid development and concurrent scenarios, and C is suitable for scenarios where extreme performance and low-level control are required. 1) Golang improves performance through garbage collection and concurrency mechanisms, and is suitable for high-concurrency Web service development. 2) C achieves the ultimate performance through manual memory management and compiler optimization, and is suitable for embedded system development.
Golang's Impact: Speed, Efficiency, and Simplicity
Apr 14, 2025 am 12:11 AM
Goimpactsdevelopmentpositivelythroughspeed,efficiency,andsimplicity.1)Speed:Gocompilesquicklyandrunsefficiently,idealforlargeprojects.2)Efficiency:Itscomprehensivestandardlibraryreducesexternaldependencies,enhancingdevelopmentefficiency.3)Simplicity:
Golang vs. Python: Key Differences and Similarities
Apr 17, 2025 am 12:15 AM
Golang and Python each have their own advantages: Golang is suitable for high performance and concurrent programming, while Python is suitable for data science and web development. Golang is known for its concurrency model and efficient performance, while Python is known for its concise syntax and rich library ecosystem.
Golang and C : The Trade-offs in Performance
Apr 17, 2025 am 12:18 AM
The performance differences between Golang and C are mainly reflected in memory management, compilation optimization and runtime efficiency. 1) Golang's garbage collection mechanism is convenient but may affect performance, 2) C's manual memory management and compiler optimization are more efficient in recursive computing.
The Performance Race: Golang vs. C
Apr 16, 2025 am 12:07 AM
Golang and C each have their own advantages in performance competitions: 1) Golang is suitable for high concurrency and rapid development, and 2) C provides higher performance and fine-grained control. The selection should be based on project requirements and team technology stack.
