在Web2Py上运行API的CORS问题

时间:2016-01-05 21:16:28

标签: cors web2py

我经常搜索,虽然我发现了类似的问题,但似乎我还没有找到答案,也许你可以帮助我。

我的Web2Py框架上有以下API,我正在使用AngularJS前端应用程序访问它,我遇到了CORS问题(我已经在orign或我的特定IP和端口尝试了*但没有很好的结果)。尽管如此,它确实适用于IE,但不适用于Chrome或Mozilla。

@request.restful()
def api():
    def GET():
        key = main() #generate random XML and returns the key
        response.headers['Content-Type'] = '*'
        response.headers['Access-Control-Allow-Origin'] = '*'
        response.headers['Access-Control-Max-Age'] = 86400
        response.headers['Access-Control-Allow-Headers'] = '*'
        response.headers['Access-Control-Allow-Methods'] = '*'
        response.headers['Access-Control-Allow-Credentials'] = 'true'
        response.view = 'generic.xml'
        value = cb.get(key).value #get value stored into couchbase
        return value
    return dict(GET=GET)

有关前端应用程序错误的更多详细信息:

  

XMLHttpRequest无法加载http://my_IP:8000/my_app/default/api/。   对预检请求的响应没有通过访问控制检查:否   '访问控制允许来源'标题出现在请求的上   资源。起源' http://my_IP:8080'因此不允许访问。   响应的HTTP状态代码为405。

从我的前端应用程序中,我确信我有正确的函数来调用API。

谢谢!

2 个答案:

答案 0 :(得分:0)

您的响应标头需要超出GET()函数。

@request.restful()
def api():
    response.view = 'generic.json'
    response.headers["Access-Control-Allow-Origin"] = '*'
    response.headers['Access-Control-Max-Age'] = 86400
    response.headers['Access-Control-Allow-Headers'] = '*'
    response.headers['Access-Control-Allow-Methods'] = '*'
    response.headers['Access-Control-Allow-Credentials'] = 'true'

    def GET(tablename, id):
        if not tablename == 'person':
            raise HTTP(400)
        return dict(person = db.person(id))

    def POST(tablename, **fields):
        if not tablename == 'person':
            raise HTTP(400)
        return db.person.validate_and_insert(**fields)

    return locals()

http://web2py.com/books/default/chapter/29/10/services?search=restful#Low-level-API-and-other-recipes

答案 1 :(得分:0)

应用此方法,见鬼去:

def cors_origin():
    origin = request.env.http_origin
    headers = {}
    headers['Access-Control-Allow-Origin'] = origin

    headers['Access-Control-Allow-Methods'] = '*'
    headers['Access-Control-Allow-Headers'] = '*'
    headers['Access-Control-Allow-Credentials'] = 'true';
    response.headers.update(headers)

    if request.env.request_method == 'OPTIONS':
        headers['Content-Type'] = None
        raise HTTP(200, '', **headers)


def cors_allow(action):

    def f(*args, **kwargs):
        cors_origin()
        return action(*args, **kwargs)

    f.__doc__ = action.__doc__
    f.__name__ = action.__name__
    f.__dict__.update(action.__dict__)

    return f



@cors_allow
@request.restful()
def api():
    def GET():
        key = main() #generate random XML and returns the key
        response.headers['Content-Type'] = '*'
        response.headers['Access-Control-Allow-Origin'] = '*'
        response.headers['Access-Control-Max-Age'] = 86400
        response.headers['Access-Control-Allow-Headers'] = '*'
        response.headers['Access-Control-Allow-Methods'] = '*'
        response.headers['Access-Control-Allow-Credentials'] = 'true'
        response.view = 'generic.xml'
        value = cb.get(key).value #get value stored into couchbase
        return value
    return dict(GET=GET)
相关问题
最新问题