端点搜索的客户端请求被CORS im使用github.io和XMLHttpRequest阻止
我正在使用GitHub.io
因此,在用户通过身份验证后,我将进行客户端呼叫。
我尝试添加
request.open('GET',searchParam,true);
request.withCredentials = true;
没有成功,我的简单GET请求被CORS阻止
var urlParams = new URLSearchParams(window.location.search);
var authorizationBasic = urlParams.get('code');
我的身份验证令牌位于url标头中。
代码:
try{
var urlParams = new URLSearchParams(window.location.search);
var authorizationBasic = urlParams.get('code');
var uri = "https://api.spotify.com/v1/search?q=";
var str = "bach";
var searchParam = encodeURIComponent(str);
var request = new XMLHttpRequest();
request.open('GET', uri+searchParam, true);
request.withCredentials = true;
request.setRequestHeader('type', 'track');
request.setRequestHeader('Authorization', 'Bearer' +
authorizationBasic);
request.send();
request.onreadystatechange = function () {
if (request.readyState === 4) {
alert(request.responseText);
}
};
}
catch(error){
alert(error.message);
}
预期=
{
"tracks": {
"href": "https://api.spotify.com/v1/search?query=bach&type=track&market=AR&offset=0&limit=20",
"items": [
{
"album": {
"album_type": "album",
"artists": [
{
"external_urls": {
"spotify": "https://open.spotify.com/artist/0wn2qDKzeFlhjRUtJAwJjp"
},
"href": "https://api.spotify.com/v1/artists/0wn2qDKzeFlhjRUtJAwJjp",
"id": "0wn2qDKzeFlhjRUtJAwJjp",
"name": "Bandalos Chinos",
"type": "artist",
"uri": "spotify:artist:0wn2qDKzeFlhjRUtJA..........
实际结果
从原点'https:/gitHubName.github.io'对'https://api.spotify.com/v1/artists/43ZHCT0cAZBISjO8DG9PnE/related-artists'处XMLHttpRequest的访问已被CORS策略阻止:对预检请求的响应未通过访问控制检查:'当请求的凭据模式为“ include”时,响应中的“ Access-Control-Allow-Origin”标头不得为通配符“ *”。 XMLHttpRequest发起的请求的凭据模式由withCredentials属性控制。