快递政策

时间:2019-01-11 15:47:35

标签: node.js express cors

我的生产服务器上的Express node.js下有这个问题:

“对预检请求的响应未通过访问控制检查:所请求的资源上没有'Access-Control-Allow-Origin'标头。”

但是我已经写了它来测试:

const allowCrossDomain = function(req, res, next) {


    res.header('Access-Control-Allow-Methods', 'GET, POST');
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    res.header('access-control-allow-credentials', true);

    return next();
}

app.use(allowCrossDomain)

其他示例:


// CORS middleware
const allowCrossDomain = function(req, res, next) {

    var allowedOrigins = ['http://127.0.0.1:9091', 'http://localhost:9091', 'http://localhost:9090'];
    var origin = req.headers.origin;

    if(allowedOrigins.indexOf(origin) > -1){
        res.header('Access-Control-Allow-Origin', origin);
    }

    res.header('Access-Control-Allow-Methods', 'GET, POST');
    res.header('Access-Control-Allow-Headers', 'X-Requested-With,content-type,x-access-token');
    res.header('access-control-allow-credentials', true);

    return next();
}

app.use(allowCrossDomain)



// let static middleware do its job
app.use(express.static(__dirname + '/public'));


router.get('/me', function(req, res) {
  let token = req.headers['x-access-token'];
  if (!token) return res.status(401).send({ auth: false, message: 'No token provided.' });

  jwt.verify(token, config.secret, function(err, decoded) {
    if (err) return res.status(500).send({ auth: false, message: 'Failed to authenticate token.' });

    res.status(200).send(decoded);
  });
});

2 个答案:

答案 0 :(得分:0)

安装cors不会有任何问题 const cors = require('cors'); app.use(cors()); 在npm https://www.npmjs.com/package/cors

上链接

答案 1 :(得分:0)

听起来OPTIONS请求类型可能已被基于浏览器的请求阻止。将OPTIONS添加到Access-Control-Allow-Methods头作为允许的方法:

// CORS middleware
const allowCrossDomain = function(req, res, next) {

    var allowedOrigins = ['http://127.0.0.1:9091', 'http://localhost:9091', 'http://localhost:9090'];
    var origin = req.headers.origin;

    if(allowedOrigins.indexOf(origin) > -1){
        res.header('Access-Control-Allow-Origin', origin);
    }

    res.header('Access-Control-Allow-Methods', 'OPTIONS, GET, POST'); // added OPTIONS as an allowed method
    res.header('Access-Control-Allow-Headers', 'X-Requested-With,content-type,x-access-token');
    res.header('access-control-allow-credentials', true);

    return next();
}

app.use(allowCrossDomain)

希望有帮助!

相关问题
最新问题