Elm向RestDB请求CORS被阻止

时间:2019-08-11 22:29:14

标签: ajax cors elm

我无法从RestDB检索数据到我的简单Elm应用程序。

UPDATE我已经删除了到之前此处演示的链接。仅出现问题症状描述。

在Firefox控制台的“网络”标签中,我可以看到

  1. 一个OPTION请求。我不会以编程方式生成此代码,我相信它是由浏览器本身生成的,是CORS协议握手的一部分
  2. 具有正确访问控制允许来源的OPTION响应
  3. 实际的GET请求,
  4. 实际的GET响应,这次不带access-control-allow-origin头。 @ivarni建议此缺少的标题可能是导致问题的原因。我会调查。

这是交流的一个例子:

1。 OPTION https://fffuuu-c42f.restdb.io/rest/messages

请求标头

Host: fffuuu-c42f.restdb.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,x-apikey
Referer: https://dvtomas.github.io/elm-cors/
Origin: https://dvtomas.github.io
DNT: 1
Connection: keep-alive
Cache-Control: max-age=0

2。响应

`{"message":"CORS access granted ok!"}`

响应头

HTTP/1.1 200 OK
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-dns-prefetch-control: off
access-control-allow-origin: https://dvtomas.github.io
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, PATCH
access-control-allow-headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Key, Datatype, apikey, x-apikey, x-pagination, x-api-token, cache-control
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 37
etag: W/"25-WUI0MQINt5pkY435jKTqrzN4R94"
vary: Accept-Encoding
date: Mon, 12 Aug 2019 06:08:08 GMT
connection: close

3。 GET https://fffuuu-c42f.restdb.io/rest/messages

请求标头

Host: fffuuu-c42f.restdb.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dvtomas.github.io/elm-cors/
x-apikey: 12745cc133246d659d53960af2463940e69d7
Content-Type: application/json
Origin: https://dvtomas.github.io
DNT: 1
Connection: keep-alive
Cache-Control: max-age=0

4。响应

[
{"_id":"5d4ee4285fde27420000a724","username":"CUser","timestamp":1,"topic":"CTopic","message":"CMessage"},       {"_id":"5d4f21575fde27420000b1fa","username":"u","timestamp":1565466966129,"topic":"t","message":"xxxxx"}
]

响应头

HTTP/1.1 200 OK
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-dns-prefetch-control: off
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
content-type: application/json; charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
date: Mon, 12 Aug 2019 06:08:09 GMT
connection: close
transfer-encoding: chunked

1 个答案:

答案 0 :(得分:0)

这是我的错,我不小心将应用程序配置为使用RestDB Server API密钥而不是CORS密钥。感谢RestDB员工发现它。

相关问题
最新问题