带有apache的'Access-Control-Allow-Origin'标头

Question

https://api.aonesalons.com/dbsynch/webocitysalonpos/

当我从POSTMAN向所提到的URL发送请求时,它工作正常.

但是,通过我的角度应用程序发送,运行在demo.aonesalons.com,

我明白了:

Failed to load https://api.aonesalons.com/dbsynch/webocitysalonpos/: The 'Access-Control-Allow-Origin' header contains multiple values '*, https://demo.aonesalons.com', but only one is allowed. Origin 'https://demo.aonesalons.com' is therefore not allowed access.

如果我直接点击https://api.aonesalons.com/dbsynch/webocitysalonpos/in浏览器,它就可以了.但是,当从demo.aonesalons.com上运行的角度应用程序访问相同的URL时,它会抛出多个CORS头错误

在角度应用程序或直接在浏览器中点击它,我看到此请求的响应是200,具有此响应:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:*
Access-Control-Allow-Origin:*
Access-Control-Allow-Origin:https://demo.aonesalons.com
Access-Control-Expose-Headers:Cache-Control, Content-Type, Server
Cache-Control:must-revalidate, max-age=172800
Connection:close
Content-Length:240
Content-Type:application/json
Date:Sun, 25 Feb 2018 05:02:27 GMT
Expires:Tue, 27 Feb 2018 05:02:27 GMT
Server:CouchDB/1.6.1 (Erlang OTP/R14B04)

当我通过邮递员打它,

access-control-allow-headers ?*
access-control-allow-origin ?*
cache-control ?must-revalidate, max-age=172800
connection ?close
content-length ?240
content-type ?text/plain; charset=utf-8
date ?Sun, 25 Feb 2018 05:11:50 GMT
expires ?Tue, 27 Feb 2018 05:11:50 GMT
server ?CouchDB/1.6.1 (Erlang OTP/R14B04)

我的所有请求都通过apache服务器代理

访问控制允许来源:*

但

在提出*之前,我有

#SetEnvIf Origin ^(https?://(?:.+\.)?aonesalons\.com(?::\d{1,5})?)$   CORS_ALLOW_ORIGIN=$1
#Header append Access-Control-Allow-Origin  %{CORS_ALLOW_ORIGIN}e   env=CORS_ALLOW_ORIGIN

现在,

切换到之后,所有响应头都有Access-Control-Allow-Origin:除了对couchdb的请求之外.我不确定从哪里采摘这个.

这是我的ssl.conf的样子:

Header always set Access-Control-Allow-Headers "*"
Header always set Access-Control-Allow-Origin "*"

<VirtualHost *:443>
    ServerName api.aonesalons.com
    SSLEngine on
    SSLCertificateFile /home/user/abc.crt
    SSLCertificateKeyFile /home/user/bcf.key

        ProxyPreserveHost On
        ProxyRequests Off
    ProxyPass /dbsynch http://0.0.0.0:5984/
    ProxyPassReverse /dbsynch http://0.0.0.0:5984/
    ProxyPass / http://localhost:9999/
    ProxyPassReverse / http://localhost:9999/
</VirtualHost>

Answer 1

如错误消息中所述:

The 'Access-Control-Allow-Origin' header contains multiple values '*, https://demo.aonesalons.com', but only one is allowed

Access-Control-Allow-OriginHTTP响应中只允许一个条目.现在,由于您正在使用a ProxyPass,目标应用程序极有可能为Access-Control-Allow-Origin您的Apache服务器转发创建自己的标头条目- 除此之外,它还添加了包含的条目*,因为您在配置中指定了此条目.

所以我想在你的Angular应用程序中,你有类似的东西.header("Access-Control-Allow-Origin","(something)"); 如果删除它,您的应用程序应该可以通过Apache服务器访问.

或者,您可以删除Header always set Access-Control-Allow-Origin "*"apache配置中的条目,并以设置正确标头的方式更改Angular应用程序.