Home > Article > Backend Development > Why Is My Subdomain\'s API Server Throwing a CORS Error?
Failed to Access Subdomain from Main Domain: Missing 'Access-Control-Allow-Origin' Header
Problem Summary
When accessing a subdomain's API server from the main domain, a CORS policy error is encountered: "No 'Access-Control-Allow-Origin' header is present on the requested resource."
Preflight Check Considerations
Before delving into potential solutions, it's crucial to verify the preflight request using the Chrome DevTools to rule out caching issues and identify the appropriate request type for further troubleshooting.
Diagnostic Steps
Code Examples
While Option 1 works as-is, the following examples aim to demonstrate different approaches to resolving CORS issues:
Option 2: Custom CORS Middleware
<code class="go">package main import ( "log" "net/http" "github.com/gin-gonic/gin" ) func main() { r := gin.New() r.Use(CORS()) r.POST("/api/v1/users", func(ctx *gin.Context) { ctx.JSON(http.StatusOK, gin.H{"message": "OK"}) }) if err := r.Run(); err != nil { log.Printf("failed to start server: %v", err) } } func CORS() gin.HandlerFunc { return func(c *gin.Context) { c.Writer.Header().Set("Access-Control-Allow-Origin", "*") c.Writer.Header().Set("Access-Control-Allow-Credentials", "true") c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With") c.Writer.Header().Set("Access-Control-Max-Age", "86400") if c.Request.Method == http.MethodOptions { c.AbortWithStatus(http.StatusNoContent) return } c.Next() } }</code>
Option 3: CORS Middleware from External Library
<code class="go">package main import ( "log" "github.com/gin-contrib/cors" "github.com/gin-gonic/gin" ) func main() { router := gin.Default() router.Use(cors.New(cors.Config{ AllowOrigins: []string{"*"}, AllowMethods: []string{"GET", "POST", "PUT", "DELETE"}, AllowHeaders: []string{"*"}, ExposeHeaders: []string{"Content-Length"}, AllowCredentials: true, MaxAge: 86400, })) router.GET("/api/v1/users", func(c *gin.Context) { c.JSON(200, gin.H{"message": "OK"}) }) if err := router.Run(); err != nil { log.Printf("failed to start server: %v", err) } }</code>
Resolution
In the specific case of the given problem, it was discovered that the issue stemmed from incorrect AWS Load Balancer Target Group settings, specifically misconfiguring the protocol as HTTPS when the certificates were only assigned to Route 53 and ALB. Changing the protocol to HTTP resolved the problem.
The above is the detailed content of Why Is My Subdomain\'s API Server Throwing a CORS Error?. For more information, please follow other related articles on the PHP Chinese website!