🐛 fix session bug

app/core/api/common/middleware/cors_middleware.go

@@ -5,8 +5,8 @@ import "net/http"
 func CORSMiddleware() func(http.Header) {
 	return func(header http.Header) {
 		header.Set("Access-Control-Allow-Origin", "*")
-		header.Add("Access-Control-Allow-Headers", "UserHeader1, UserHeader2")
 		header.Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH")
-		header.Set("Access-Control-Expose-Headers", "Content-Length, Content-Type")
+		header.Set("Access-Control-Expose-Headers", "Content-Length, Content-Type,Authorization,Accept-Language,Origin")
+		header.Set("Access-Control-Allow-Credentials", "true")
 	}
 }

app/core/api/common/middleware/security_headers_middleware.go

@@ -2,7 +2,7 @@ package middleware
 
 import "net/http"
 
-func SecurityHeadersMiddleware(w http.ResponseWriter, r *http.Request) {
+func SecurityHeadersMiddleware(r *http.Request) {
 	r.Header.Set("X-Frame-Options", "DENY")
 	r.Header.Set("Content-Security-Policy", "default-src 'self'; connect-src *; font-src *; script-src-elem * 'unsafe-inline'; img-src * data:; style-src * 'unsafe-inline';")
 	r.Header.Set("X-XSS-Protection", "1; mode=block")

app/core/api/common/middleware/unauthorized_callback_middleware.go

@@ -0,0 +1,16 @@
+package middleware
+
+import (
+	"net/http"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+
+	"schisandra-album-cloud-microservices/app/core/api/common/response"
+)
+
+func UnauthorizedCallbackMiddleware() func(w http.ResponseWriter, r *http.Request, err error) {
+	return func(w http.ResponseWriter, r *http.Request, err error) {
+		// httpx.WriteJson(w, http.StatusUnauthorized, response.ErrorWithCodeMessage(http.StatusUnauthorized, "Unauthorized"))
+		httpx.OkJsonCtx(r.Context(), w, response.ErrorWithCodeMessage(http.StatusUnauthorized, "Unauthorized"))
+	}
+}