我正在构建一个具有Dropbox访问权限的应用,authorization步骤正在返回No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8082' is therefore not allowed access. The response had HTTP status code 400.
该应用程序采用HTML / JQuery / Bootstrap / Cordova。
根据documentation,我应该可以使用simple cross-site request发送contentType: 'text/plain; charset=dropbox-cors-hack',但我收到了上述错误。
client_id与我的Dropbox / myapp App key中的内容相匹配。
redirect_uri与我的Dropbox / myapp Redirect URIs中的内容相匹配。
这是我的代码:
var client_id = 'matchesCodeInDropboxAppRegistration';
var response_type = 'token';
var redirect_uri = 'https://www.dropbox.com/1/oauth2/redirect_receiver';
//var csrfToken = generateCSRFToken();
var csrfToken = 'some_val'; // in process
var data = 'response_type=' + response_type + '&client_id=' + client_id + '&redirect_uri=' + redirect_uri + '&state=' + csrfToken + '&reject_cors_preflight=true';
$.ajax( {
method: 'GET',
url: 'https://www.dropbox.com/1/oauth2/authorize?' + data,
contentType: 'text/plain; charset=dropbox-cors-hack',
success: function( html ) {
$( "#db-modal-body" ).html( html );
},
error: function( jqXHR, textStatus, errorThrown ) {
console.log( "AdminDBAuthView: db_connect: fail:", textStatus, errorThrown, jqXHR );
}
} );
$( "#dropbox-connect" ).modal( "toggle" );
$( "#dropbox-connect" ).modal( {
remote: 'https://www.dropbox.com/1/oauth2/authorize?' + data,
show: true
} );
backbone.js v1.3.3 / underscore.js v1.8.3 / bootstrap v3.3.6 / JQuery v2.2.4 / 科尔多瓦v6.1.1 / 节点5.10.1 / npm v3.8.6
我一直在敲打这一段时间,所以任何帮助都非常感激。
答案 0 :(得分:0)
您尝试通过AJAX调用访问www.dropbox.com/1/oauth2/authorize,但这实际上是用户应在其浏览器中直接访问的网页。
documentation for /oauth2/authorize says:
这不是一个API调用 - 它是允许用户登录Dropbox并授权您的应用的网页。
因此,它不允许CORS。
您可以在此处找到有关OAuth应用授权流程的更多信息:
答案 1 :(得分:0)
如果您查看redirect reciver for example的简单请求,您会看到:
content-security-policy:default-src 'none' ; worker-src blob: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; connect-src https://* ws://127.0.0.1:*/ws ; child-src blob: ; img-src https://* data: blob: ; frame-src https://* carousel://* dbapi-6://* dbapi-7://* dbapi-8://* itms-apps://* itms-appss://* ; object-src https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ 'self' https://flash.dropboxstatic.com https://swf.dropboxstatic.com https://dbxlocal.dropboxstatic.com ; media-src https://* blob: ; font-src https://* data: ; script-src 'unsafe-eval' https://www.dropbox.com/static/javascript/ https://www.dropbox.com/static/api/ https://cfl.dropboxstatic.com/static/javascript/ https://www.dropboxstatic.com/static/javascript/ https://cfl.dropboxstatic.com/static/api/ https://www.dropboxstatic.com/static/api/ https://www.google.com/recaptcha/api/ 'unsafe-inline' 'nonce-oewijAWrBU8hHBjx84Ta' ;
并没有提及localhost,而是提及connect-src https://* ws://127.0.0.1
尝试将您的网址更改为http://127.0.0.1