angularjs – How to resolve the "Credentials flag is 'true'" CORS error
Published: 2020-12-17 16:56:18 Category: Security Source: compiled from the web
I am running an Ionic app at http://localhost:8100, which connects to my Express backend running at http://localhost:3000.

As usual, I am facing CORS problems. Disabling web security in Chrome did not help. The error Chrome reports is:

(index):1 XMLHttpRequest cannot load http://localhost:3000/auth/facebook. Response to preflight request doesn't pass access control check: Credentials flag is 'true',but the 'Access-Control-Allow-Credentials' header is ''. It must be 'true' to allow credentials. Origin 'http://localhost:8100' is therefore not allowed access.

Remote Address:[::1]:3000
Request URL:http://localhost:3000/auth/facebook
Request Method:OPTIONS
Status Code:200 OK

Response Headers
Access-Control-Allow-Headers:accept,content-type
Access-Control-Allow-Methods:POST
Access-Control-Allow-Origin:http://localhost:8100
Access-Control-Max-Age:31536000
Connection:keep-alive
Content-Length:2
Content-Type:text/plain; charset=utf-8
Date:Wed,04 Nov 2015 02:25:07 GMT
ETag:W/"2-d736d92d"
X-Powered-By:Express

Request Headers
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept,content-type
Access-Control-Request-Method:POST
Connection:keep-alive
DNT:1
Host:localhost:3000
Origin:http://localhost:8100
Referer:http://localhost:8100/

The first question is:

The second question:

Solution
I solved this by including the following middleware in my nodejs server:

var express = require('express');
var methodOverride = require('method-override');
var bodyParser = require('body-parser');

var app = express();
app.use(methodOverride());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({
  extended: true
}));
app.use(accessControl);

The function accessControl looks like this:

function accessControl(req, res, next) {
  var oneof = false;
  // Echo the request's Origin back as the allowed origin
  if (req.headers.origin) {
    res.header('Access-Control-Allow-Origin', req.headers.origin);
    oneof = true;
  }
  // Echo the method requested by the preflight
  if (req.headers['access-control-request-method']) {
    res.header('Access-Control-Allow-Methods', req.headers['access-control-request-method']);
    oneof = true;
  }
  // Echo the headers requested by the preflight
  if (req.headers['access-control-request-headers']) {
    res.header('Access-Control-Allow-Headers', req.headers['access-control-request-headers']);
    oneof = true;
  }
  // Let the browser cache the preflight result for one year (seconds)
  if (oneof) {
    res.header('Access-Control-Max-Age', 60 * 60 * 24 * 365);
  }
  // Allow credentials only on the signup and login routes
  if (req.originalUrl === '/auth/signup') {
    res.header('Access-Control-Allow-Credentials', true);
  }
  if (req.originalUrl === '/auth/login') {
    res.header('Access-Control-Allow-Credentials', true);
  }
  // intercept OPTIONS method
  if (oneof && req.method === 'OPTIONS') {
    res.sendStatus(200);
  }
  else {
    next();
  }
}
This isn't an elegant solution, but it did the trick for me (at least until I find something better).
(Editor: 李大同)
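An allow-list variant of the accessControl middleware above, added here as an example and not the answerer's code: it sends Access-Control-Allow-Credentials: true on both the preflight and the actual response, but only for origins on a fixed list instead of echoing whatever Origin the request carries. ALLOWED_ORIGINS, the method and header lists, and the 600-second max-age are assumptions made for this example.

```javascript
// Assumed allow-list: the Ionic dev-server origin from the question.
const ALLOWED_ORIGINS = new Set(['http://localhost:8100']);
const ALLOWED_METHODS = 'GET, POST, OPTIONS';   // assumed for this example
const ALLOWED_HEADERS = 'accept, content-type'; // assumed for this example

// A preflight is an OPTIONS request carrying Access-Control-Request-Method.
function isPreflight(method, reqHeaders) {
  return method === 'OPTIONS' &&
    Boolean(reqHeaders['access-control-request-method']);
}

// Compute the CORS response headers for one request. An Origin that is
// absent or not on the allow-list gets no Access-Control-* headers, so the
// browser refuses the cross-origin read.
function corsHeaders(method, reqHeaders) {
  const headers = { 'Vary': 'Origin' }; // response depends on Origin
  const origin = reqHeaders.origin;
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return headers;
  }
  // Exact origin (never '*') plus the credentials header that was empty
  // in the question's preflight response.
  headers['Access-Control-Allow-Origin'] = origin;
  headers['Access-Control-Allow-Credentials'] = 'true';
  if (isPreflight(method, reqHeaders)) {
    headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS;
    headers['Access-Control-Allow-Headers'] = ALLOWED_HEADERS;
    headers['Access-Control-Max-Age'] = '600'; // constructed value, seconds
  }
  return headers;
}

// Express-style middleware; uses only Node's http.ServerResponse methods.
function accessControl(req, res, next) {
  const headers = corsHeaders(req.method, req.headers);
  Object.keys(headers).forEach(function (name) {
    res.setHeader(name, headers[name]);
  });
  if (isPreflight(req.method, req.headers)) {
    res.statusCode = 204; // answer the preflight here, no body
    res.end();
  } else {
    next();
  }
}
```

Register it with app.use(accessControl) before the route handlers so that the preflight for every route, including /auth/facebook, gets the same headers.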
