I’m a beginner who wants to be Gopher…
there was a strange error while i was studying

http get request is ok in postman or browser, (200 ok)
but it’s not working in Golang (404 not found)

I looked up many blogs and they said it was a CORS problem…
What’s the problem?

here’s my codes

req, err := http.NewRequest(“GET”, url_API, nil)

// url_API is https://1.1.1.1/api/?type=op&cmd=<show><rule-hit-count><vsys><vsys-name><entry name='vsys1'><rule-base><entry name='security'><rules><all/></rules></entry></rule-base></entry></vsys-name></vsys></rule-hit-count></show>&key=DSBMSKD83DSSFxO3fsdf#

if err != nil {
panic(err)
}
req.Header.Set(“User-Agent”, “Mozilla/5.0”)
req.Header.Set(“Content-Type”, “application/xml”)
req.Header.Set(“Connection”, “Keep-Alive”)
req.Header.Set(“Accept”, “/”)
req.Header.Set(“Host”, reqTarget) // reqTarget is IP (ex. 1.1.1.1 and network device’s mgmt ip)
req.Header.Set(“Accept-Encoding”, “gzip, deflate”)
req.Header.Set(“Cache-Control”, “no-cache”)

debug(httputil.DumpRequest(req, true))
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify : true},}
client := &http.Client{Transport: tr}
resp, err := client.Do(req)
if err != nil{
panic(err)
}
defer resp.Body.Close()

Since you are making a simple HTTP GET request, you can easily test this in your browser. What happens if you open

https://1.1.1.1/api/?type=op&cmd=&key=DSBMSKD83DSSFxO3fsdf#

in your browser?

hi Iutzhorn,
200 ok execution result is in xml format …

<response status="success">
<result>
    <rule-hit-count>
        <vsys>
            <entry name="vsys1">
                <rule-base>
                    <entry name="security">
                        <rules>
                            <entry name="api_test">
                                <latest>yes</latest>
                                <hit-count>0</hit-count>
                                <last-hit-timestamp>0</last-hit-timestamp>
                                <last-reset-timestamp>0</last-reset-timestamp>
                                <first-hit-timestamp>0</first-hit-timestamp>
                            </entry>
                        </rules>
                    </entry>
                </rule-base>
            </entry>
        </vsys>
    </rule-hit-count>
</result>

request header in browser

Accept: text/html, application/xhtml+xml, image/jxr, /
Accept-Encoding: gzip, deflate
Accept-Language: ko-KR
Connection: Keep-Alive
Host: 1.1.1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

and response header in browser

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 3904
Content-Security-Policy: default-src ‘self’; script-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; img-src ‘self’ data:;
Content-Type: application/xml; charset=UTF-8
…
Pragma: no-cache
X-Content-Type-Options: nosniff
X-FRAME-OPTIONS: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Hi,

I have never tried with golang. But I have used REST API’s calling in nodejs and javascript. I faced the same problem (CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ ).
But the same passes with POST MAN and not with code(using node js or javascript).

This problem is not with you, changes has to be made at the server side.

A CORS problem would probably not result in a 404 Not Found response.

When I run it with Chrome instead of IE,
I get the following message:

> This XML file does not appear to have any style information associated with it. The document tree is shown below.

Is it because of this?

No. That’s just normal browser behaviour when it tries to display an XML document.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.