尽管存在 Access-Control-Allow-Origin header,但 Chrome 中的 CORS 问题
[英]CORS issue in Chrome though Access-Control-Allow-Origin header is present
问题描述
A developer added new DELETE blog endpoint, whose source code is based on the existing and working DELETE page endpoint.
开发人员添加了新的 DELETE 博客端点,其源代码基于现有的和工作的 DELETE 页面端点。 It works on his PC but it fails on my PC.它可以在他的电脑上运行,但在我的电脑上却失败了。 The Chrome does not run the DELETE method because of allegedly missing CORS header. Chrome 没有运行 DELETE 方法,因为据称缺少 CORS header。
The attached picture shows Chrome dev tools screenshots for three different OPTION + DELETE/POST requests.附图显示了三种不同 OPTION + DELETE/POST 请求的 Chrome 开发工具屏幕截图。 I have checked that OPTIONS is always run for DELETE page request and it returns a CORS header for localhost.我已经检查过 OPTIONS 始终针对 DELETE 页面请求运行,它为本地主机返回 CORS header。 The response is the same as for POST a picture or DELETE a page.响应与 POST 图片或 DELETE 页面相同。 I cannot see any difference and I cannot find an explanation.我看不出任何区别,也找不到解释。
Backend is written in NodeJS后端是用 NodeJS 编写的
This code works on my PC: https://github.com/literakl/mezinamiridici/blob/master/backend/src/handlers/pages/deletePage.js此代码适用于我的 PC: https://github.com/literakl/mezinamiridici/blob/master/backend/src/handlers/pages/deletePage.js
module.exports = (app) => {
app.options('/v1/pages/:pageId', auth.cors);
app.delete('/v1/pages/:pageId', auth.required, auth.cms_admin, auth.cors, async (req, res) => {
This code works on developer's Chrome and Firefox but fails on my Chrome or Edge https://github.com/literakl/mezinamiridici/blob/master/backend/src/handlers/items/deleteBlog.js此代码适用于开发人员的 Chrome 和 Firefox 但在我的 Chrome 或 Edge https 上失败://github.com/literakl/mezinamiridici/blob/master/backend/src/handlers/items/deleteBlog.js
module.exports = (app) => {
app.options('/v1/blog/:blogId', auth.cors);
app.delete('/v1/blog/:blogId', auth.required, auth.cors, async (req, res) => {
Frontend is written in Vue.前端是用 Vue 编写的。 The page with Delete button is loaded from http://localhost:8080/p/leos/b/wing-suit-2.带有删除按钮的页面从 http://localhost:8080/p/leos/b/wing-suit-2 加载。 OPTIONS returns:选项返回:
Access-Control-Allow-Headers: Content-Type,Authorization
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: http://localhost:8080
Blocked DELETE request contains these request headers:被阻止的 DELETE 请求包含以下请求标头:
Origin: http://localhost:8080
Referer: http://localhost:8080/
So I assume that everything is set up correctly.所以我假设一切都设置正确。 Where is the issue please?请问问题出在哪里?
Update 1:更新1:
console log:控制台日志:
Access to XMLHttpRequest at 'http://localhost:3000/v1/blog/1f3j20k5qh' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
1 个解决方案
解决方案1
-1 2021-04-24 13:24:45
One thing I see is that the value in the header is different in the options call than in your delete call, specifically its less restrictive, might be that browsers take issue with that我看到的一件事是,选项调用中的 header 中的值与删除调用中的值不同,特别是它的限制性较小,可能是浏览器对此有异议
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.