从前端到后端的CORS策略阻止请求

Question

我正在用vuejs开发应用程序。我需要在UI上显示一些图表，为此，我正在向后端请求数据，但是由于CORS策略，该请求被阻止了。我正在使用axios向后端提出请求。这是我进行呼叫的图表组件

<template>
    <div class="filed-against-chart" ref="chartdiv" id="filedAgainstChart">
    </div>
</template>

<script>
    import axios from 'axios';
    import * as am4core from "@amcharts/amcharts4/core";
    import * as am4charts from "@amcharts/amcharts4/charts";
    import am4themes_animated from "@amcharts/amcharts4/themes/animated";
    am4core.useTheme(am4themes_animated);

    export default {
        name: 'FiledAgainstChart',
        mounted() {
            const config = {headers: {'Access-Control-Allow-Origin': '*'}};
            axios
                .get('http://localhost:3000/ticket/filedagainst', config)
                .then(response => this.chart.data = response);

            let chart = am4core.create('filedAgainstChart', am4charts.PieChart);
            chart.hiddenState.properties.opacity = 0; // this creates initial fade-in

            chart.data = [];
            chart.radius = am4core.percent(70);
            chart.innerRadius = am4core.percent(40);
            chart.startAngle = 180;
            chart.endAngle = 360;

            let series = chart.series.push(new am4charts.PieSeries());
            series.dataFields.value = "value";
            series.dataFields.category = "key";

            series.slices.template.cornerRadius = 10;
            series.slices.template.innerCornerRadius = 7;
            series.slices.template.draggable = true;
            series.slices.template.inert = true;
            series.alignLabels = false;

            series.hiddenState.properties.startAngle = 90;
            series.hiddenState.properties.endAngle = 90;

            chart.legend = new am4charts.Legend();

        }
    }
</script>

<style scoped>
    .filed-against-chart {
        width: 100%;
        height: 400px;
    }
</style>

我已在后端启用了CORS中间件。 我的app.js文件

const createError = require('http-errors');
const express = require('express');
const path = require('path');
const cookieParser = require('cookie-parser');
const logger = require('morgan');
const cors = require('cors');

const ticketRouter = require('./routes/ticket');

const app = express();

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'pug');

app.use(cors());

app.use(logger('dev'));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));

app.use('/ticket', ticketRouter);

// catch 404 and forward to error handler
app.use(function(req, res, next) {
  next(createError(404));
});

// error handler
app.use(function(err, req, res, next) {
  // set locals, only providing error in development
  res.locals.message = err.message;
  res.locals.error = req.app.get('env') === 'development' ? err : {};

  // render the error page
  res.status(err.status || 500);
  res.render('error');
});

module.exports = app;
My router file

这是我的路由器

const express = require('express');
const router = express.Router();
const ticketTable = require('../controllers/ticketTable');
const cors = require('cors');

router.get('/', async function (req, res, next) {
        const data = await ticketTable.getAllData();
        res.send(JSON.stringify(data));
});

router.get('/filedagainst', cors({origin: 'http://localhost:3000/ticket/filedagainst'}), async function (req, res, next) {
    const data = await ticketTable.getFiledAgainstChartData();
    res.send(JSON.stringify(data));
});

module.exports = router;

Answer 1

您像这样配置了cors模块：

app.use(cors());

…，但这仅允许简单请求。

请参见the documentation for how to support preflighted requests。

请注意，如果不是这样，您就不会发出预检请求：

const config = {headers: {'Access-Control-Allow-Origin': '*'}};

…自定义请求标头需要进行预检。当然，Access-Control-Allow-Origin是响应标头，因此它首先不应放在请求中。删除它。

Answer 2

我在Github中搜索，存在一种在axios中设置跨域的解决方案 const config = {headers: {'Access-Control-Allow-Origin': '*'}};需要替换为{ crossdomain: true }

以下是答案的链接：https://github.com/axios/axios/issues/853#issuecomment-322954804