Comments (3)
flycash
commented on September 18, 2024
你搜出来之后可以给我们发一个PR,发到这个仓库就可以的,社区需要大家一起改进
from beedoc.
kotori2
commented on September 18, 2024
确实是……CORS这么重要的安全问题应该被重视。
https://github.com/beego/beego/blob/develop/server/web/filter/cors/cors_test.go
recorder := httptest.NewRecorder()
handler := web.NewControllerRegister()
handler.InsertFilter("*", web.BeforeRouter, Allow(&Options{
AllowOrigins: []string{"https://aaa.com", "https://*.foo.com"},
}))
handler.Any("/foo", func(ctx *context.Context) {
ctx.Output.SetStatus(500)
})
origin := "https://bar.foo.com"
r, _ := http.NewRequest("PUT", "/foo", nil)
r.Header.Add("Origin", origin)
handler.ServeHTTP(recorder, r)但是似乎流量全都经过NewRecorder了,和正常web.Run的行为不一致。所以我也很好奇这个问题要怎么解决。
from beedoc.
kotori2
commented on September 18, 2024
确实是……CORS这么重要的安全问题应该被重视。 https://github.com/beego/beego/blob/develop/server/web/filter/cors/cors_test.go
recorder := httptest.NewRecorder() handler := web.NewControllerRegister() handler.InsertFilter("*", web.BeforeRouter, Allow(&Options{ AllowOrigins: []string{"https://aaa.com", "https://*.foo.com"}, })) handler.Any("/foo", func(ctx *context.Context) { ctx.Output.SetStatus(500) }) origin := "https://bar.foo.com" r, _ := http.NewRequest("PUT", "/foo", nil) r.Header.Add("Origin", origin) handler.ServeHTTP(recorder, r)但是似乎流量全都经过
NewRecorder了,和正常web.Run的行为不一致。所以我也很好奇这个问题要怎么解决。
Use web.InsertFilter with the same arguments.
from beedoc.
Related Issues (20)
- core/logs/log_msg.go OldStyleFormat() 有点问题希望修复一下 HOT 1
- beego 使用go build编译后,单独运行出现下面的错误,运行不起来 HOT 1
- bee pack 打包后运行 HOT 1
- [Proposal]The int type is recommended to return 32-bit/64-bit according to the runtime machine architecture(int类型根据运行时机器架构返回int32/64的建议) HOT 1
- orm-----Update 默认更新所有的字段补充和完善的建议 HOT 2
- 文档中的 github.com/beego/beego/v2/session/mysql 似乎不是一个有效的地址 HOT 2
- 自动化文档注册路由404 HOT 4
- bee install after 1.17 need use : go install
- swagger 自动化文档,router怎么定义多个版本 HOT 1
- 自动化文档,参数描述如何换行?
- core/logs/log.go 注释中包含错误单词
- Change project URL to the correct domain HOT 2
- beego.vip is down
- 使用xuri/excelize/v2 bee run启动不了 HOT 6
- Contributing to new docs website HOT 1
- logs模块中multifile模式下,为什么会多输出一个app.log文件
- 如何设置sql自定义输出位置
- Model Registered but still asking to register Model.
- beego 的 MVC 架构控制器创建问题
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from beedoc.