[英]Window exe API cors issue when calling from any webapp. C++
We've created one EXE file using the CPP language and create one API like http://localhost:5800/get-id/
.我们已经使用 CPP 语言创建了一个 EXE 文件,并创建了一个 API,例如
http://localhost:5800/get-id/
。 when I open in browser return me the perfect output.当我在浏览器中打开时,返回完美的 output。
When I used fetch
in HTML > script page, then getting No "Access-Control-Allow-Origin" header is present on the requested resource.
当我在 HTML > 脚本页面中使用
fetch
时No "Access-Control-Allow-Origin" header is present on the requested resource.
Code1:代码1:
fetch("http://localhost:5800/get-id/", {method: 'GET').then(function(response) {
console.log(response.text());
}).catch(function(error) {
console.log('Request failed', error)
});
After research, I've added the mode: no-cors
error lost but getting an empty response.经过研究,我添加了
mode: no-cors
error lost but getting a empty response。 Code2:代码2:
fetch("http://localhost:5800/get-id/", {method: 'GET', mode: 'no-cors'}).then(function(response) {
console.log(response.text());
}).catch(function(error) {
console.log('Request failed', error)
});
If I use code2
in any inspect console then getting an empty body but when I open http://localhost:5800/get-id/
in the browser and try to hit code2
in the console then getting the perfect parameter.如果我在任何检查控制台中使用
code2
然后得到一个空的主体但是当我在浏览器中打开http://localhost:5800/get-id/
并尝试在控制台中点击code2
然后获得完美的参数。
It means, localhost domain it's working fine but when it's fetched from any domain through my error.这意味着,本地主机域它工作正常,但是当它通过我的错误从任何域中获取时。
What is the proper solution for it?什么是正确的解决方案? In C/CPP language how can we allow cors?
在 C/CPP 语言中,我们如何允许 cors?
Strange:奇怪的:
when I hit from console, it's show me empty当我从控制台点击时,它显示我是空的
For same request I checked network tab, show 200 OK with proper response / preview data对于相同的请求,我检查了网络选项卡,显示 200 OK 并带有正确的响应/预览数据
CORS is a complex topic, I usually use CORS middleware to handle it in Node.JS in Express server (maybe the code will be useful to solve this). CORS 是一个复杂的话题,我通常在 Express 服务器的 Node.JS 中使用CORS 中间件来处理它(也许代码将有助于解决这个问题)。
It's goal is to allow API on domain api-domain
to list web applications that can use it, for example your application is on webapp-domain
domain.其目标是允许域
api-domain
上的 API 列出可以使用它的 web 应用程序,例如您的应用程序位于webapp-domain
域上。
When application calls fetch('http://api-domain/get-id/')
to another domain it is referred to as cross-origin call.当应用程序调用
fetch('http://api-domain/get-id/')
到另一个域时,它被称为跨域调用。
All browser do CORS preflight call like this to check for allowance:所有浏览器都会像这样执行CORS 预检调用来检查余量:
OPTIONS /get-id/
Access-Control-Request-Method: GET
Access-Control-Request-Headers: origin, x-requested-with
Origin: http://webapp-domain
(please note it's an OPTION request to the API, not GET) (请注意这是对 API 的 OPTION 请求,而不是 GET)
And response should list webapp-domain
as allowed (and specify which HTTP methods are allowed)并且响应应列出允许
webapp-domain
(并指定允许哪些 HTTP 方法)
HTTP/1.1 204 No Content
Connection: keep-alive
Access-Control-Allow-Origin: http://webapp-domain
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
Access-Control-Max-Age: 86400
After the successful preflight call like this the browser will continue with fetch
, for example, it will send GET request to http://api-domain/get-id/
像这样成功的预检调用后,浏览器将继续
fetch
,例如,它将向http://api-domain/get-id/
发送 GET 请求
PS附言
One of the ways to skip CORS is to set HTTP proxy in webapp-domain
which will call api-domain
on server-side and is not limited by CORS.跳过 CORS 的一种方法是在
webapp-domain
中设置 HTTP 代理,该代理将在服务器端调用api-domain
并且不受 CORS 的限制。 See this answer for details.有关详细信息,请参阅此答案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.