I have a golang HTTP server with code like:
JavaScript
x
10
10
1
http.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {2
log.Println("New incoming request")3
4
// Authenticate5
if u, p, ok := r.BasicAuth(); ok {6
log.Println("Success")7
return8
}9
log.Println("Failed")10
I call this HTTP endpoint from a JS frontend, a react app deployed on port 3000, using code:
JavaScript
1
16
16
1
fetch('http://localhost:8080/login', {2
method: 'post',3
headers: {4
'Authorization': 'Basic ' + btoa(authHeader),5
'Content-Type': 'application/x-www-form-urlencoded',6
'Access-Control-Allow-Origin': '*'7
},8
body: 'A=1&B=2'9
})10
.then(function (response) {11
console.log("Authentication Success")12
})13
.catch(function (err) {14
console.log("Authentication fail", err)15
});16
The above code fails with the following logs.
On the server side:
JavaScript
1
3
1
New incoming request2
Failed3
On the browser, in the developer tools logs:
JavaScript
1
2
1
Fetch API cannot load http://localhost:8080/login. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 401. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.2
Can someone help fix the authentication problem ? I am not sure if I am missing something related to CORS on the server side or doing bad authentication on the client side. Any help ? Thanks.
Advertisement
Answer
The Access-Control-Allow-Origin: * has to be sent from the server, not by the client. Assuming you are in a standard net/http handler function, try this code:
JavaScript
1
9
1
func handler(w http.ResponseWriter, r *http.Request) {2
w.Header().Set("Access-Control-Allow-Origin", "*")3
if (r.Method == "OPTIONS") {4
w.Header().Set("Access-Control-Allow-Headers", "Authorization") // You can add more headers here if needed5
} else {6
// Your code goes here7
}8
}9