从任何 webapp 调用时 Window exe API cors 问题。 C++
[英]Window exe API cors issue when calling from any webapp. C++
问题描述
We've created one EXE file using the CPP language and create one API like http://localhost:5800/get-id/ .
我们已经使用 CPP 语言创建了一个 EXE 文件,并创建了一个 API,例如http://localhost:5800/get-id/ 。 when I open in browser return me the perfect output.当我在浏览器中打开时,返回完美的 output。
When I used fetch in HTML > script page, then getting No "Access-Control-Allow-Origin" header is present on the requested resource.当我在 HTML > 脚本页面中使用fetch时No "Access-Control-Allow-Origin" header is present on the requested resource.
Code1:代码1:
fetch("http://localhost:5800/get-id/", {method: 'GET').then(function(response) {
console.log(response.text());
}).catch(function(error) {
console.log('Request failed', error)
});
After research, I've added the mode: no-cors error lost but getting an empty response.经过研究,我添加了mode: no-cors error lost but getting a empty response。 Code2:代码2:
fetch("http://localhost:5800/get-id/", {method: 'GET', mode: 'no-cors'}).then(function(response) {
console.log(response.text());
}).catch(function(error) {
console.log('Request failed', error)
});
If I use code2 in any inspect console then getting an empty body but when I open http://localhost:5800/get-id/ in the browser and try to hit code2 in the console then getting the perfect parameter.如果我在任何检查控制台中使用code2然后得到一个空的主体但是当我在浏览器中打开http://localhost:5800/get-id/并尝试在控制台中点击code2然后获得完美的参数。
It means, localhost domain it's working fine but when it's fetched from any domain through my error.这意味着,本地主机域它工作正常,但是当它通过我的错误从任何域中获取时。
What is the proper solution for it?什么是正确的解决方案? In C/CPP language how can we allow cors?在 C/CPP 语言中,我们如何允许 cors?
Strange:奇怪的:
when I hit from console, it's show me empty当我从控制台点击时,它显示我是空的
For same request I checked network tab, show 200 OK with proper response / preview data对于相同的请求,我检查了网络选项卡,显示 200 OK 并带有正确的响应/预览数据
1 个解决方案
解决方案1
1 2021-01-20 08:52:11
CORS is a complex topic, I usually use CORS middleware to handle it in Node.JS in Express server (maybe the code will be useful to solve this). CORS 是一个复杂的话题,我通常在 Express 服务器的 Node.JS 中使用CORS 中间件来处理它(也许代码将有助于解决这个问题)。
It's goal is to allow API on domain api-domain to list web applications that can use it, for example your application is on webapp-domain domain.其目标是允许域api-domain上的 API 列出可以使用它的 web 应用程序,例如您的应用程序位于webapp-domain域上。
When application calls fetch('http://api-domain/get-id/') to another domain it is referred to as cross-origin call.当应用程序调用fetch('http://api-domain/get-id/')到另一个域时,它被称为跨域调用。
All browser do CORS preflight call like this to check for allowance:所有浏览器都会像这样执行CORS 预检调用来检查余量:
OPTIONS /get-id/
Access-Control-Request-Method: GET
Access-Control-Request-Headers: origin, x-requested-with
Origin: http://webapp-domain
(please note it's an OPTION request to the API, not GET) (请注意这是对 API 的 OPTION 请求,而不是 GET)
And response should list webapp-domain as allowed (and specify which HTTP methods are allowed)并且响应应列出允许webapp-domain (并指定允许哪些 HTTP 方法)
HTTP/1.1 204 No Content
Connection: keep-alive
Access-Control-Allow-Origin: http://webapp-domain
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
Access-Control-Max-Age: 86400
After the successful preflight call like this the browser will continue with fetch , for example, it will send GET request to http://api-domain/get-id/像这样成功的预检调用后,浏览器将继续fetch ,例如,它将向http://api-domain/get-id/发送 GET 请求
PS附言
One of the ways to skip CORS is to set HTTP proxy in webapp-domain which will call api-domain on server-side and is not limited by CORS.跳过 CORS 的一种方法是在webapp-domain中设置 HTTP 代理,该代理将在服务器端调用api-domain并且不受 CORS 的限制。 See this answer for details.有关详细信息,请参阅此答案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.