2

I have a golang api backend with a negroni middleware.

I already implemented the CORS handler for negroni, so my api should allow cross origin resource sharing.

// allow OPTIONS method of CORS requests
c := cors.New(cors.Options{
    AllowedOrigins: []string{"http://127.0.0.1"},
})

//common.StartUp() - Replaced with init method
// Get the mux router object
router := routers.InitRoutes()
// Create a negroni instance
n := negroni.Classic()
n.Use(c)
n.UseHandler(router)

server := &http.Server{
    Addr:    common.AppConfig.Server,
    Handler: n,
}
log.Println("Listening...")
server.ListenAndServe()

This is from the https://github.com/rs/cors/blob/master/examples/negroni/server.go example of implementing CORS with negroni.

Nevertheless my api now responses a 200 status back to my frontend, but the frontend does not send the POST request to the server. This my axios code:

import axios from 'axios';
const data = {
email: 'user@mail.com',
password: 'secret',
};

export default {
name: 'Login',
methods: {
login() {
  axios.post('https://127.0.0.1:8090/users/login', data);
},

enter image description here Postman does not have any problems with sending the POST request. What am I doing wrong?

Andreas W
  • 225
  • 3
  • 11
  • typo? `AllowedOrigins: []string{"http://172.0.0.1"}` perhaps 127.0.0.1 – k1m190r Nov 15 '17 at 14:20
  • For one thing, you're accessing the site at 127.0.0.1, but you're setting the origins to 172.0.0.1. – Adrian Nov 15 '17 at 14:20
  • Oh my mistake... I changed it but it is still not working. – Andreas W Nov 15 '17 at 14:35
  • Do you have any error message in browser's console? Also you have `http` in browser, and go code, but `https` in js code. – RidgeA Nov 15 '17 at 15:04
  • `http://localhost` and `http://localhost:8080` are different origins. There should be a message in the JS console, actually. – Peter Nov 15 '17 at 15:06
  • This is the error I get from the console Failed to load http://127.0.0.1:8090/users/login: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8080' is therefore not allowed access. I access the api just with http – Andreas W Nov 15 '17 at 16:12

1 Answers1

4

Okay I found a solution for the problem:

As described in this article, I added some more options to the cors negroni plugin. One important option that was missing in my application was the line 

AllowedHeaders: []string{"X-Auth-Key", "X-Auth-Secret", "Content-Type"},

Because my app sent the Content-Type Header and the api refused it.

I hope this will help others with similar problems.

Andreas W
  • 225
  • 3
  • 11