我有一个使用CORS中间件的NODE / Express应用程序:
const corsOptions = {
origin: "url.netlify.com",
methods: ["GET", "POST", "PUT", "PATCH", "DELETE"],
allowedHeaders: "Content-Type",
optionsSuccessStatus: 200
}
app.use("/dept", cors(corsOptions), departmentRouter);
我看到所有解释都以*作为起点,但是坦率地说,如果我们仍然允许所有人访问,我看不出使用CORS的意义。
问题#1:我是在上述server.js还是在router.js中设置cors的,以这样的方式公开所有输入:
router.get("/get", cors(corsOptions), (req, res) => {
Stuff.find()
....
然后,一旦我将服务器部署到Heroku,并将前端部署到netlify,并设置所有.env变量,我仍然得到:
Access to fetch at 'https://something.herokuapp.com/dept/get/' from origin
'https://something.netlify.com' has been blocked by CORS policy: No 'Access-
Control-Allow-Origin' header is present on the requested resource. If an
opaque response serves your needs, set the request's mode to 'no-cors' to
fetch the resource with CORS disabled.
每个Chrome WebDev工具的请求位于XHR and fetch下,并且该请求是在前端进行的,如下所示:
return fetch(`${API_BASE_URL}/dept/get/`, {
method: 'GET',
})
...
我已经吞噬了文档和Google,但似乎找不到有效的解决方案。 如何成功完成/允许此提取请求?