[GitHub] [apisix] zhikaichen123 opened a new issue #5637: 官方的cors（跨域组件）独立设置并不能有效、通用的使用， 这个是我的改进代码

[GitBox <gi...@apache.org>]

zhikaichen123 opened a new issue #5637:
URL: https://github.com/apache/apisix/issues/5637


   ### Issue description
   
   https://github.com/apache/apisix/blob/2a32f13824c0cc8e359feedd23e537422af3b28c/docs/zh/latest/plugins/cors.md
   "plugins": {
           "cors": {}
   }
   
   按照官方说法这样配置就可以有跨域效果，实则不然，这样浏览器调用还会有问题的，还是会有跨域异常。然后我看了其它帖子还要设置 Origin 什么的，这个也太难使用了！
   
   ### Environment
   
   - apisix version (cmd: `apisix version`):
   - OS (cmd: `uname -a`):
   - OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`):
   - etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API):
   - apisix-dashboard version, if have:
   - the plugin runner version, if the issue is about a plugin runner (cmd: depended on the kind of runner):
   - luarocks version, if the issue is about installation (cmd: `luarocks --version`):
   
   
   ### Steps to reproduce
   
   这个是我的优化，跨域实际上经历了两次请求，OPTIONS 方法 + 具体的业务 method
   
   在这个类 apisix\cli\ngx_tpl.lua 的 access_by_lua_block 模块加入以下代码：
    access_by_lua_block {
                   -- 添加跨域cors配置
                   local cors = require('apisix.core.cors')
                   local core = require("apisix.core")
                   local get_method = ngx.req.get_method
   
                   local method = get_method()
                   -- core.log.error("method: ",method)
   
                   -- local get_headers = ngx.req.get_headers
                   -- local headers = get_headers()
                   -- core.log.error("headers: ",core.json.encode(headers))
   
                   -- 表示跨域请求
                   -- 还需要结合 apisix\plugins\cors.lua 配置才可以到达真正跨域效果
                   if method == "OPTIONS" then
                       -- 跨域处理
                       cors.allow_host('*')
                       cors.allow_method('*')
                       cors.allow_header('*')
                       cors.max_age(7200)
                       cors.allow_credentials(true)
                       cors.run2()
                       return core.response.exit(204, "")
                   end
   
                   apisix.http_access_phase()
               }
   
   附近我的cors run 2方法
   
   local re_match = ngx.re.match
   
   local _M = { _VERSION = '0.1.0'}
   
   local Origin = 'Origin'
   local AccessControlAllowOrigin = 'Access-Control-Allow-Origin'
   local AccessControlExposeHeaders = 'Access-Control-Expose-Headers'
   local AccessControlMaxAge = 'Access-Control-Max-Age'
   local AccessControlAllowCredentials = 'Access-Control-Allow-Credentials'
   local AccessControlAllowMethods = 'Access-Control-Allow-Methods'
   local AccessControlAllowHeaders = 'Access-Control-Allow-Headers'
   
   local mt = { __index = _M }
   
   local allow_hosts = {}
   local allow_headers = {}
   local allow_methods = {}
   local expose_headers = {}
   local max_age = 3600
   local allow_credentials = true
   
   function _M.run2()
       ngx.header[AccessControlAllowOrigin] = "*"
       ngx.header[AccessControlMaxAge] = max_age
       ngx.header[AccessControlAllowMethods] = "*"
       ngx.header[AccessControlAllowHeaders] = "*"
       ngx.header["Cache-Control"] = "no-cache"
   
       if allow_credentials == true then
           ngx.header[AccessControlAllowCredentials] = "true"
       else
           ngx.header[AccessControlAllowCredentials] = "false"
       end
   
   end
   
   注意：该配置还是需要结合官方的cors.lua 
   "plugins": {
           "cors": {}
   }
   
   
   
   ### Actual result
   
   最后附上实际运行效果图
   ![image](https://user-images.githubusercontent.com/29646756/143829522-e0ca6e54-702a-4038-9633-9b70a4ddcfa7.png)
   
   
   ### Error log
   
   over
   
   ### Expected result
   
   _No response_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #5637: request help: the official cors plugin is not effective and universal, here is my improved code

[GitBox <gi...@apache.org>]

tzssangglass commented on issue #5637:
URL: https://github.com/apache/apisix/issues/5637#issuecomment-981510117


   first, it's great that you can adapt APISIX's plug-ins to meet your business needs yourself.
   
   > 按照官方说法这样配置就可以有跨域效果，实则不然，这样浏览器调用还会有问题的，还是会有跨域异常
   
   pls describe the problem clearly
   
   > 这个是我的优化
   
   It's best to show your changes in PR or diff, otherwise it's hard for me to know what you've changed.
   
   > 跨域实际上经历了两次请求，OPTIONS 方法 + 具体的业务 method
   
   yes, The OPTIONS method is a preflight request to check if CORS is supported, for more info about CORS, see: https://github.com/apache/apisix/issues/4095#issuecomment-824622092
   
   I think the CORS plugin conforms to the standard specification.
   pls describe clearly with a case, I can't get the problem with the cors plugin you are talking about.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #5637: 官方的cors（跨域组件）独立设置并不能有效、通用的使用， 这个是我的改进代码

[GitBox <gi...@apache.org>]

tzssangglass commented on issue #5637:
URL: https://github.com/apache/apisix/issues/5637#issuecomment-981495412


   pls use English on open channel.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass removed a comment on issue #5637: request help: the official cors plugin is not effective and universal, here is my improved code

[GitBox <gi...@apache.org>]

tzssangglass removed a comment on issue #5637:
URL: https://github.com/apache/apisix/issues/5637#issuecomment-981505346


   first, it's great that you can adapt APISIX's plug-ins to meet your business needs yourself.
   
   > 按照官方说法这样配置就可以有跨域效果，实则不然，这样浏览器调用还会有问题的，还是会有跨域异常
   
   pls  describe the problem clearly
   
   > 这个是我的优化
   
   It's best to show your changes in PR or diff, otherwise it's hard for me to know what you've changed.
   
   see


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #5637: request help: the official cors plugin is not effective and universal, here is my improved code

[GitBox <gi...@apache.org>]

tzssangglass commented on issue #5637:
URL: https://github.com/apache/apisix/issues/5637#issuecomment-981505346


   first, it's great that you can adapt APISIX's plug-ins to meet your business needs yourself.
   
   > 按照官方说法这样配置就可以有跨域效果，实则不然，这样浏览器调用还会有问题的，还是会有跨域异常
   
   pls  describe the problem clearly
   
   > 这个是我的优化
   
   It's best to show your changes in PR or diff, otherwise it's hard for me to know what you've changed.
   
   see


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org