我的yada资源配置如下:
(yada/resource
{:methods {:get
{:produces "text/plain"
:response (fn [ctx]
"Hello world!!")}}})
和一个curl -i localhost:8080/api/new返回:
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Length: 13
Content-Type: text/plain
Server: Aleph/0.4.4
Connection: Keep-Alive
Date: Thu, 12 Dec 2019 18:50:42 GMT
Hello world!!
但是当我添加访问控制配置以允许来源时:
(yada/resource
{:methods {:get
{:produces "text/plain"
:response (fn [ctx]
"Hello world!!")}}
:access-control {:allow-origin "*"}})
我没有看到其他标题:
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Length: 13
Content-Type: text/plain
Server: Aleph/0.4.4
Connection: Keep-Alive
Date: Thu, 12 Dec 2019 18:52:32 GMT
Hello world!!
我也尝试使用在https://juxt.pro/yada/manual/index.html#cross-origin-resource-sharing-cors处找到的示例,但结果相同。
当我尝试从UI访问端点时,我看到了可怕的Access to resource at ... from origin ... has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource。
此配置中我缺少什么?
答案 0 :(得分:0)
我能够使用以下解决方法:
import { val6 } from "./test";
console.log(val6);
// or
import * as test from "./test";
console.log(test.val6);
正在规避内置的响应机制。我仍然想知道正确的方法。
答案 1 :(得分:0)
我认为您的配置正确(关于允许editText的{{3}})。我认为yada usual provisos除非请求具有"*"标头:
Origin这可能解释了curl调用和实际客户端之间的差异。尝试doesn't actually make the headers (defn access-control-headers [ctx]
(if-let [origin (get-in ctx [:request :headers "origin"])]
;...
进行检查。