Passport LinkedIn策略的CORS错误

时间:2019-10-02 16:09:53

标签: javascript node.js express oauth passport.js

因此,我使用passport.jspassport-linkedin-oauth2策略通过链接登录进行登录。

但是我一直遇到这个错误:

Access to XMLHttpRequest at 'https://github.com/login/oauth/authorize?response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fgithub%2Fcallback&client_id=Iv1.56db9f8a973882db' (redirected from 'http://localhost:3000/api/auth/github/') from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

现在,这是我的 passport-config.js 文件的样子:

var LinkedInStrategy = require('@sokratis/passport-linkedin-oauth2').Strategy;

module.exports = function(passport) {
passport.use(new LinkedInStrategy({
    clientID: 'some client id',
    clientSecret: 'some client secret',
    callbackURL: "http://localhost:3000/api/auth/linkedin/callback",
    profileFields: [ 'id', 'email-address'],
  }, function(accessToken, refreshToken, profile, done) {
    // asynchronous verification, for effect...
    process.nextTick(function () {
      console.log(JSON.stringify(profile))
      return done(null, profile);
    });
  }));
}

我的 router.js 文件如下所示:


// imports and other code

router.get('/linkedin',
  passport.authenticate('linkedin', { scope: ['r_emailaddress', 'r_liteprofile', ''] }))

router.get('/linkedin/callback', passport.authenticate('linkedin', {
  successRedirect: '/',
  failureRedirect: '/login'
}));

module.exports = router

在我的 app.js 中,我写了:

// all the above code
var express = require('express');
var path = require('path');
var logger = require('morgan');
var bodyParser = require('body-parser');
var engine = require('consolidate');
var passport = require('passport')
var cors = require('cors')
var app = express();
var auth = require('./routes/auth');
var home = require('./routes/home');

var mongoose = require('mongoose');
mongoose.Promise = require('bluebird');
mongoose.connect('mongodb://localhost/noq-se', { promiseLibrary: require('bluebird') })
  .then(() =>  console.log('connection successful'))
  .catch((err) => console.error(err));


app.set('views', __dirname + '/public/views');
app.engine('html', engine.mustache);
app.set('view engine', 'html')

app.use(logger('dev'));
app.use(function(req, res, next) {
  var allowedOrigins = ['http://localhost:8080'];
  var origin = req.headers.origin;
  if(allowedOrigins.indexOf(origin) > -1){
    res.setHeader('Access-Control-Allow-Origin', origin);
  }
  // res.header('Access-Control-Allow-Origin', 'http://localhost:8080/');
  res.header('Access-Control-Allow-Methods', 'GET, OPTIONS');
  res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
  res.header('Access-Control-Allow-Credentials', true);
  return next();
});
app.use(cors())
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({'extended':'false'}));
app.use(express.static(path.join(__dirname, 'dist')));

app.use(passport.initialize());
app.use(passport.session());

app.use('/api/auth', auth);
app.use('/', home);


// catch 404 and forward to error handler
app.use(function(req, res, next) {
  var err = new Error('Not Found');
  err.status = 404;
  next(err);
});

// restful api error handler
app.use(function(err, req, res, next) {
  console.log(err);

  if (req.app.get('env') !== 'development') {
      delete err.stack;
  }

    res.status(err.statusCode || 500).json(err);
});

module.exports = app;

现在,在我的linkedin开发人员控制台中,

  1. 重定向URL: http://localhost:3000/api/auth/linkedin/callback
  2. 域: http://localhost:3000http:localhost:3000/api/auth/linkedin

有人可以告诉我我要去哪里了吗?我知道当路由未列入白名单时会发生CORS错误,但我确实将这些列入白名单。

谢谢。

1 个答案:

答案 0 :(得分:0)

将以下代码添加到您的app.js 

app.all('/*', function(req, res) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
});
相关问题
最新问题