Cross-origin request blocked on AJAX request

Time: 2017-11-28 18:50:06

Tags: ajax cors auth0

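I am trying to get an access token from auth0 but get the error "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://movieapi.auth0.com/oauth/token. (Reason: CORS header 'Access-Control-Allow-Origin' missing)." My function is: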

// These two variables we’ll get from our Auth0 MovieAnalyst-Website Client.
// Head over to the management dashboard at https://manage.auth0.com
// Find the MovieAnalyst Admin(Main) Website Client and copy and paste the Client ID and Secret
const NON_INTERACTIVE_CLIENT_ID = '******';
const NON_INTERACTIVE_CLIENT_SECRET = '****************';

// Next, we’ll define an object that we’ll use to exchange our credentials for an access token.
const authData = {
    client_id: NON_INTERACTIVE_CLIENT_ID,
    client_secret: NON_INTERACTIVE_CLIENT_SECRET,
    grant_type: 'client_credentials',
    audience: 'movieanalyst'
};

// We’ll create a function to make a request to the oauth/token Auth0 API with our authData object we created earlier.
// Our data will be validated and if everything is correct, we’ll get back an access token.
// We’ll store this token in the response.
// It may be repetitive to call this endpoint each time and not very performant, so you can cache the access_token once it is received.
const getTokenNonNode = function getTokenNonNode() {  // AJAX here instead of superagent
    var settings = {
        "async": true,
        "crossDomain": true,
        "url": "https://movieapi.auth0.com/oauth/token",
        "method": "POST",
        "data": authData
    };

    $.ajax(settings)
        .then(function (response) {
            console.log(response);
            return response;
        });
};

Here is the exchange between the client and the server: Request headers -

Request URL: https://movieapi.auth0.com/oauth/token
Request method:POST
Remote address: 52.89.198.22:443
Status code: 200 ok
Version: HTTP/2.0

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 173
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: movieapi.auth0.com
Origin: http://localhost:4000
Pragma: no-cache
Referer: http://localhost:4000/movies
User-Agent: Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/57.0

Response:

cache-control: private, no-store, no-cache, m…te, post-check=0, pre-check=0
content-length: 804
content-type: application/json
date: Tue, 28 Nov 2017 18:30:13 GMT
pragma: no-cache
strict-transport-security: max-age=15724800
x-auth0-requestid: bc0da887d55e3dfb181e
X-Firefox-Spdy: h2
x-ratelimit-limit: 1000000
x-ratelimit-remaining: 999999
x-ratelimit-reset: 1511893814
x-robots-tag: noindex, nofollow, nosnippet, noarchive

The response payload from auth0 is:

access_token    ***********Obsfucated*********
scope   general admin
expires_in  86400
token_type  Bearer

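However, there is no console.log of the response, and stepping through with the debugger, the .then seems to be skipped. Regardless, the preflight OPTIONS headers get sent to my API. OPTIONS: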

Accept: text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: DELETE
Cache-Control: no-cache
Connection: keep-alive
Host: localhost:8080
Origin: http://localhost:4000
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/57.0

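Which then obviously fails because I did not get any value in my response, yet we see it in the response payload. Any help would be greatly appreciated.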
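
Added example (not part of the original question and not Auth0 or jQuery code): a simplified model of the checks a browser applies before exposing a cross-origin response to script, run over headers constructed from the capture above. It shows why a 200 response with a token in the network panel still never reaches `.then`; `corsCheck`, `preflightCheck` and the API reply values are hypothetical.

```javascript
// Simplified model of the browser's CORS checks (Fetch standard); added example.
// Header maps use lowercase names; sample data is constructed from the capture above.
function corsCheck(origin, responseHeaders, withCredentials = false) {
  const allow = responseHeaders['access-control-allow-origin'];
  if (allow === undefined) return { ok: false, reason: 'Access-Control-Allow-Origin missing' };
  if (allow === '*' && !withCredentials) return { ok: true, reason: 'wildcard origin' };
  if (allow !== origin) return { ok: false, reason: `origin mismatch: ${allow}` };
  if (withCredentials && responseHeaders['access-control-allow-credentials'] !== 'true') {
    return { ok: false, reason: 'Access-Control-Allow-Credentials is not true' };
  }
  return { ok: true, reason: 'origin allowed' };
}

const list = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
function preflightCheck(origin, preflightRequest, preflightResponse) {
  const base = corsCheck(origin, preflightResponse);
  if (!base.ok) return base;
  const method = preflightRequest['access-control-request-method'].toLowerCase();
  const methods = list(preflightResponse['access-control-allow-methods']);
  const safelisted = ['get', 'head', 'post'].includes(method);
  if (!safelisted && !methods.includes(method) && !methods.includes('*')) {
    return { ok: false, reason: `method ${method.toUpperCase()} not allowed` };
  }
  const allowed = list(preflightResponse['access-control-allow-headers']);
  for (const name of list(preflightRequest['access-control-request-headers'])) {
    // Authorization is never covered by the "*" wildcard; it must be listed by name.
    const wildcardOk = allowed.includes('*') && name !== 'authorization';
    if (!allowed.includes(name) && !wildcardOk) {
      return { ok: false, reason: `header ${name} not allowed` };
    }
  }
  return { ok: true, reason: 'preflight passed' };
}

const ORIGIN = 'http://localhost:4000';
// Subset of the token response headers in the capture: no Access-Control-Allow-Origin.
const tokenResponse = { 'content-type': 'application/json', 'pragma': 'no-cache' };
// Preflight request values from the capture; the API reply is hypothetical.
const preflightRequest = {
  'access-control-request-method': 'DELETE',
  'access-control-request-headers': 'authorization',
};
const hypotheticalApiReply = {
  'access-control-allow-origin': ORIGIN,
  'access-control-allow-methods': 'GET, POST, DELETE',
  'access-control-allow-headers': 'Authorization',
};
console.log(corsCheck(ORIGIN, tokenResponse));
console.log(preflightCheck(ORIGIN, preflightRequest, hypotheticalApiReply));
```

The `client_credentials` grant is meant for confidential, server-side clients, so performing the token exchange on the backend keeps `client_secret` out of page script and removes the cross-origin read altogether.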

0 answers:

No answers