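I have hosted an Angular application on an express + nodejs server. I want to test other web applications calling the already running express + nodejs server, to see whether cross-domain calls work. According to the help available on the internet, I have the correct settings to enable CORS.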
    app.all('*', function(req, res, next) {
        res.header('Access-Control-Allow-Origin', "*");
        res.header("Access-Control-Allow-Headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With");
        res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
        next();
    });
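First, I make a GET call to check whether the user's session already exists, which gives me the correct status that the user does not exist. Then I make a POST '/login' call to the server, which fails with a 403 error.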
    GET /loggedin 304 6ms
    OPTIONS /login 200 2ms - 161b
    POST /login 403 1ms - 9b ----> I get 403 error on client side for this.
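Following this link: http://blog.jetbrains.com/webstorm/2013/06/cors-control-in-jetbrains-chrome-extension/ I have also added my server URL to avoid any CORS-related errors. But the POST call still gets a 403 error. I don't know what I am doing wrong here. Any help is much appreciated. Thanks.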
Here are the request & response headers of the post call:
Request URL:http://localhost:3000/login
Request Method:POST
Status Code:403 Forbidden
Request Headers
POST /login HTTP/1.1
Host: localhost:3000
Connection: keep-alive
Content-Length: 39
Accept: application/json, text/plain, */*
Origin: http://localhost:63342
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.102 Safari/537.36
Content-Type: application/json;charset=UTF-8
Referer: http://localhost:63342/mcss/index.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Request Payload
{username:admin, password:admin}
password: "admin"
username: "admin"
Response Headers
HTTP/1.1 403 Forbidden
X-Powered-By: Express
Set-Cookie: XSRF-TOKEN=p44GOy0EIYnK9lMDoFbjJGEC; Path=/
Set-Cookie: connect.sid=s%3Aif8PMMGTn2CrfHkAo8mK5IdZ.VIMNDtdwLdX0JIoBJU7Ib0KylNDyQzr4U42q%2F9ZcJ3w; Path=/; HttpOnly
Content-Type: text/plain
Content-Length: 9
Date: Sat, 01 Feb 2014 22:52:59 GMT
Connection: keep-alive
Here is the express middleware configuration:
    app.configure(function () {
        app.use(protectJSON); // where protectJSON is var protectJSON = require('./lib/protectJSON');
        app.use(express.logger('dev'));
        app.use(express.static(config.server.staticUrl)); // static pages start in this folder which is staticUrl: path.resolve(__dirname, '../client'),
        app.use(express.cookieParser(config.server.cookieSecret)); // Hash cookies with this secret
        app.use(express.bodyParser());
        app.use(express.methodOverride());
        app.use(express.session({ secret: config.server.sessionSecret }));
        app.use(passport.initialize()); // Add passport initialization
        app.use(passport.session()); // Restore passport login state from the session
        app.use(xsrf); // Add XSRF checks to the request where xsrf is var xsrf = require('./lib/xsrf');
    });
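
An added diagnostic, not code from the question: it checks the captured POST and the CORS headers shown above against a cookie-to-header XSRF check. It assumes `./lib/xsrf` (not shown on the page) rejects requests whose `X-XSRF-TOKEN` header does not echo the `XSRF-TOKEN` cookie; `diagnose`, `CAPTURED` and `CORS` are names made up for this example.

```javascript
// Added example, not code from the question. ASSUMPTION: ./lib/xsrf expects the
// XSRF-TOKEN cookie value echoed in an X-XSRF-TOKEN request header.

// Request headers abridged from the capture above; CORS values from app.all().
const CAPTURED = [
  'POST /login HTTP/1.1',
  'Host: localhost:3000',
  'Origin: http://localhost:63342',
  'Content-Type: application/json;charset=UTF-8',
].join('\n');
const CORS = {
  allowOrigin: '*',
  allowHeaders: 'Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With',
};

// Parse "Name: value" lines into a map keyed by lowercase header name.
function parseHeaders(raw) {
  const headers = {};
  for (const line of raw.split('\n')) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return headers;
}

// Extract one cookie value from a Cookie header, or undefined if absent.
function cookieValue(cookieHeader, name) {
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return undefined;
}

// List the reasons a cross-origin request would fail the assumed XSRF check.
function diagnose(raw, cors) {
  const h = parseHeaders(raw);
  const cookie = cookieValue(h['cookie'], 'XSRF-TOKEN');
  const header = h['x-xsrf-token'];
  const allowed = cors.allowHeaders.split(',').map((s) => s.trim().toLowerCase());
  const findings = [];
  if (!cookie) findings.push('request carries no XSRF-TOKEN cookie');
  if (!header) findings.push('request carries no X-XSRF-TOKEN header');
  if (cookie && header && cookie !== header) findings.push('cookie and header tokens differ');
  if (!allowed.includes('x-xsrf-token')) findings.push('X-XSRF-TOKEN missing from Access-Control-Allow-Headers');
  if (cors.allowOrigin === '*') findings.push('wildcard Access-Control-Allow-Origin cannot be combined with cookies');
  return findings;
}

console.log(diagnose(CAPTURED, CORS));
```

An empty result means the request would satisfy the assumed check; each string names one thing to change on the client or in the CORS headers.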