geo*_*gej 7 javascript node.js cors
I have an app using the cors npm package as middleware. I have it set up like this:
if(process.env.NODE_ENV === 'production') {
var whitelist = ['http://mywebsite.com', 'https://mywebsite.com']
var corsOptions = {
origin: (origin, callback) => {
var originIsWhitelisted = whitelist.indexOf(origin) !== -1;
console.log('ORIGIN: ', origin); // => undefined
callback(originIsWhitelisted ? null : 'Bad Request', originIsWhitelisted)
},
credentials:true
}
app.use(cors(corsOptions));
}
The origin parameter in my corsOptions is undefined. Why is this and how can I fix it?
Com*_*wan 11
当您在进行 API 调用的同一源中加载页面时,就会发生这种情况。除非 API 调用的域与提供页面的域不同,否则浏览器不会设置“Origin”标头。
这在此处进一步解释https://github.com/expressjs/cors/issues/113
如果您使用浏览器控制台进行 API 调用,从不同的网站中,您会看到浏览器设置了 Origin 标头,因此在通过 express 读取时它不会是未定义的。
您可以使用
if (whitelist.indexOf(origin) !== -1 || !origin)
If you do not want to block REST tools or server-to-server requests, add a !origin check in the origin function like so:
var corsOptions = {
origin: function (origin, callback) {
if (!origin || whitelist.indexOf(origin) !== -1) {
callback(null, true)
} else {
callback(new Error('Not allowed by CORS'))
}
}
}
use 是配置中间件的方法。您必须仅在路由中应用 corsoptions。这是我根据文档看到的。还没有测试过。希望对你有帮助啊。
var whitelist = ['http://example1.com', 'http://example2.com']
var corsOptions = {
origin: function (origin, callback) {
var originIsWhitelisted = whitelist.indexOf(origin) !== -1
callback(originIsWhitelisted ? null : 'Bad Request', originIsWhitelisted)
}
}
app.get('/products/:id', cors(corsOptions), function (req, res, next) {
res.json({msg: 'This is CORS-enabled for a whitelisted domain.'})
})
| 归档时间: |
|
| 查看次数: |
1748 次 |
| 最近记录: |