diff --git a/application.go b/application.go
index 4e3a9b4..73fd13b 100644
--- a/application.go
+++ b/application.go
@@ -309,13 +309,13 @@ func (that *Application) handler(w http.ResponseWriter, req *http.Request) {
 //session也没有则判断是否创建cookie
 } else {
- //没有跨域设置
- if that.Config.GetString("crossDomain") == "" {
- http.SetCookie(w, &http.Cookie{Name: that.Config.GetString("sessionName"), Value: sessionId, Path: "/"})
- } else {
- //跨域允许需要设置cookie的允许跨域https才有效果
- w.Header().Set("Set-Cookie", that.Config.GetString("sessionName")+"="+sessionId+"; Path=/; SameSite=None; Secure")
- }
+ //跨域不再通过cookie校验
+ //if that.Config.GetString("crossDomain") == "" {
+ http.SetCookie(w, &http.Cookie{Name: that.Config.GetString("sessionName"), Value: sessionId, Path: "/"})
+ //} else {
+ // //跨域允许需要设置cookie的允许跨域https才有效果
+ // w.Header().Set("Set-Cookie", that.Config.GetString("sessionName")+"="+sessionId+"; Path=/; SameSite=None; Secure")
+ //}
 }
 unescapeUrl, err := url.QueryUnescape(req.RequestURI)
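Review bot: The session cookie written by the surviving http.SetCookie call carries only Name, Value and Path, so the session id has no HttpOnly, Secure or SameSite attribute — it is readable from page script, sent over plain HTTP and attached to cross-site requests — while the branch this commit removes at least set Secure for the cross-domain case. Since the new comment says cross-domain access no longer relies on the cookie, set the attributes explicitly: `http.SetCookie(w, &http.Cookie{Name: that.Config.GetString("sessionName"), Value: sessionId, Path: "/", HttpOnly: true, Secure: req.TLS != nil, SameSite: http.SameSiteLaxMode})` (use a config flag instead of req.TLS if TLS is terminated by an upstream proxy). The commented-out old branch should be deleted rather than kept as dead text; version control holds the history. handler starts before and ends after this hunk.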
@@ -433,27 +433,42 @@ func (that *Application) crossDomain(context *Context) {
 }
 header := context.Resp.Header()
- //header.Set("Access-Control-Allow-Origin", "*")
- header.Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE")
- header.Set("Access-Control-Allow-Credentials", "true")
- header.Set("Access-Control-Expose-Headers", "*")
- header.Set("Access-Control-Allow-Headers", "X-Requested-With,Content-Type,Access-Token")
+ //不跨域,则不设置
+ remoteHost := context.Req.Host
+ if context.Config.GetString("port") != "80" && context.Config.GetString("port") != "443" {
+ remoteHost = remoteHost + ":" + context.Config.GetString("port")
+ }
 if context.Config.GetString("crossDomain") != "auto" {
+ //不跨域,则不设置
+ if strings.Contains(context.Config.GetString("crossDomain"), remoteHost) {
+ return
+ }
 header.Set("Access-Control-Allow-Origin", that.Config.GetString("crossDomain"))
 // 后端设置,2592000单位秒,这里是30天
 header.Set("Access-Control-Max-Age", "2592000")
+ //header.Set("Access-Control-Allow-Origin", "*")
+ header.Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE")
+ header.Set("Access-Control-Allow-Credentials", "true")
+ header.Set("Access-Control-Expose-Headers", "*")
+ header.Set("Access-Control-Allow-Headers", "X-Requested-With,Content-Type,Access-Token")
+ return
 }
 origin := context.Req.Header.Get("Origin")
+
+ refer := context.Req.Header.Get("Referer")
+ if strings.Contains(origin, remoteHost) || strings.Contains(refer, remoteHost) {
+ return
+ }
+
 if origin != "" {
 header.Set("Access-Control-Allow-Origin", origin)
 return
 }
- refer := context.Req.Header.Get("Referer")
 if refer != "" {
 tempInt := 0
 lastInt := strings.IndexFunc(refer, func(r rune) bool {
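Review bot: In the auto branch the new code still copies whatever Origin the request sends into Access-Control-Allow-Origin, and the Referer branch in the next hunk does the same while also sending Access-Control-Allow-Credentials: true, so any site can make credentialed cross-origin requests and read the responses; the only requests excluded are those whose Origin or Referer contain remoteHost. That exclusion is a substring test (strings.Contains) on a value built from the client-supplied Host header, so it neither identifies same-origin requests reliably nor restricts anything — parse the origin with url.Parse (already imported in this file) and compare u.Host exactly and case-insensitively against the configured crossDomain entries, returning without CORS headers on no match. Whenever a per-request origin is echoed, add `header.Set("Vary", "Origin")` so shared caches do not replay one origin's CORS headers to another. Note also that `Access-Control-Expose-Headers: *` is read by browsers as a literal header name, not a wildcard, once Allow-Credentials is true, so the list needs explicit names. The five header.Set lines are now duplicated in this hunk and the next and belong in one helper; crossDomain starts before and ends after this hunk.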
@@ -469,6 +484,11 @@ func (that *Application) crossDomain(context *Context) {
 }
 refer = Substr(refer, 0, lastInt)
 header.Set("Access-Control-Allow-Origin", refer)
+ //header.Set("Access-Control-Allow-Origin", "*")
+ header.Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE")
+ header.Set("Access-Control-Allow-Credentials", "true")
+ header.Set("Access-Control-Expose-Headers", "*")
+ header.Set("Access-Control-Allow-Headers", "X-Requested-With,Content-Type,Access-Token")
 }
 }
diff --git a/example/config/config.json b/example/config/config.json
index ef79327..ecb3ab6 100644
--- a/example/config/config.json
+++ b/example/config/config.json
@@ -24,7 +24,7 @@
 "db": {
 "mysql": {
 "host": "192.168.6.253",
- "name": "myhs",
+ "name": "myhs_remote",
 "password": "dasda8454456",
 "port": "3306",
 "prefix": "",
diff --git a/example/myhs.exe b/example/myhs.exe
index 175be97..3e96066 100644
Binary files a/example/myhs.exe and b/example/myhs.exe differ
diff --git a/example/tpt/index.html b/example/tpt/index.html
index a02d551..568bcda 100644
--- a/example/tpt/index.html
+++ b/example/tpt/index.html
@@ -1,3 +1,3 @@
-
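Review bot: The example config touched by the `name` rename carries a plaintext database password and an internal host address in the surrounding context lines, and anything committed stays retrievable from repository history even after a later edit. Replace both with obvious placeholders such as `"password": "<DB_PASSWORD>"`, load the real values from the environment or an untracked local file, and rotate the credential if it was ever used for a live database.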