堆栈内存溢出
  简体   繁体   English

请求已被 CORS 策略阻止请求 header 字段访问令牌在预检响应节点中被 Access-Control-Allow-Headers 不允许

[英]Request has been blocked by CORS policy Request header field access-token is not allowed by Access-Control-Allow-Headers in preflight response Node

 原文  2021-05-17 09:56:37       node.js/ reactjs/ cors/ mern

问题描述

I've build a MERN stack web app and trying to deploy it's frontend on netlify and backend on heroku.我已经构建了一个 MERN 堆栈 web 应用程序,并尝试将其前端部署在 netlify 上,后端部署在 heroku 上。 I've deployed both of them successfully but getting issues in sending requests to api from my frontend.我已经成功部署了它们,但是在从我的前端向 api 发送请求时遇到问题。

I'm getting this on console -我在控制台上得到这个 -

Access to XMLHttpRequest at 'https://covidsupportweb.herokuapp.com/api/donate/adminPaginate' from origin 'https://angry-hamilton-41dfa7.netlify.app' has been blocked by CORS policy: Request header field access-token is not allowed by Access-Control-Allow-Headers in preflight response.

xhr.js:177 POST https://covidsupportweb.herokuapp.com/api/donate/adminPaginate net::ERR_FAILED

I tried to fix this and added following lines in my server.js file -我试图解决这个问题并在我的 server.js 文件中添加了以下几行 -

// cors middleware
app.use(function (req, res, next) {
  res.header("Access-Control-Allow-Origin", "*"); // update to match the domain you will make the request from
  res.header(
    "Access-Control-Allow-Headers",
    "Origin, X-Requested-With, Content-Type, Accept, Authorization",
  );
  res.header(
    "Access-Control-Allow-Methods",
    "GET, POST, OPTIONS, PUT, PATCH, DELETE",
  );
  next();
});

Please help me fix this, I really need to start this website as soon as possible请帮我解决这个问题,我真的需要尽快启动这个网站

frontend - https://angry-hamilton-41dfa7.netlify.app backend - https://covidsupportweb.herokuapp.com前端 - https://angry-hamilton-41dfa7.netlify.app后端 - https://covidsupportweb.herokuapp.Z4D236D9A2D102C5ZFE6AD1C50DA4BEC5

1 个解决方案

解决方案1
 -1  2021-05-17 10:05:18

You have to add options also in allowed headers.您还必须在允许的标题中添加选项。 browser sends a preflight request before original request is sent.浏览器在发送原始请求之前发送预检请求。 See below见下文

res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,PATCH,OPTIONS'); From source https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS

In CORS, a preflight request with the OPTIONS method is sent, so that the server can respond whether it is acceptable to send the request with these parameters.在 CORS 中,发送一个带有 OPTIONS 方法的预检请求,以便服务器可以响应是否可以接受发送带有这些参数的请求。 The Access-Control-Request-Method header notifies the server as part of a preflight request that when the actual request is sent, it will be sent with a POST request method. Access-Control-Request-Method header 作为预检请求的一部分通知服务器,当实际请求发送时,它将使用 POST 请求方法发送。 The Access-Control-Request-Headers header notifies the server that when the actual request is sent, it will be sent with a X-PINGOTHER and Content-Type custom headers. Access-Control-Request-Headers header 通知服务器在发送实际请求时,将使用 X-PINGOTHER 和 Content-Type 自定义标头发送。 The server now has an opportunity to determine whether it wishes to accept a request under these circumstances.服务器现在有机会确定它是否希望在这些情况下接受请求。

Alternate (Recomended): You can avoid this manual configuration by using npmjs.com/package/cors npm package.I have used this method also, it is clear and easy.替代(推荐):您可以通过使用npmjs.com/package/cors npm package 来避免这种手动配置。我也使用过这种方法,它清晰易懂。

How to use (2nd method):使用方法(第二种方法):

  1. Install CORS using CMD or Terminal: $ npm install cors使用 CMD 或终端安装 CORS 或终端: $ npm install cors

  2. Make change in your code according to this:根据此更改您的代码:

var express = require('express')
var cors = require('cors')
var app = express()
 
app.use(cors())
 
app.get('/products/:id', function (req, res, next) {
  res.json({msg: 'This is CORS-enabled for all origins!'})
})
 
app.listen(80, function () {
  console.log('CORS-enabled web server listening on port 80')
})

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Node JS - CORS - 请求 header 预检响应中的 Access-Control-Allow-Headers 不允许字段授权 - Node JS - CORS - Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response CORS 错误:预检响应中的 Access-Control-Allow-Headers 不允许请求标头字段授权 - CORS error :Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response 请求标头字段在飞行前响应中,Access-Control-Allow-Headers不允许进行授权。 (节点,反应,axios) - Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response. (node, react, axios) 在飞行前响应中,节点Js请求标头字段Access-Control-Allow-Headers不允许Access-Control-Allow-Origin - Node Js Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response 预检响应中的 Access-Control-Allow-Headers 不允许 Angularjs 请求标头字段 Access-Control-Allow-Headers - Angularjs Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response NodeJS + ExpressJS:预检响应中的 Access-Control-Allow-Headers 不允许请求标头字段 - NodeJS + ExpressJS: Request header field not allowed by Access-Control-Allow-Headers in preflight response 允许使用restify的选项方法 - 请求头字段预检响应中的Access-Control-Allow-Headers不允许授权 - allowing options method with restify - Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response 预检响应中的 Access-Control-Allow-Headers 不允许请求标头字段身份验证 - Request header field authentication is not allowed by Access-Control-Allow-Headers in preflight response 预检响应中的 Access-Control-Allow-Headers 不允许请求 header 字段内容类型 - Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response 预检响应中的 Access-Control-Allow-Headers 不允许请求 header 字段 ack 即使服务器已经允许它 - Request header field ack is not allowed by Access-Control-Allow-Headers in preflight response even the server already allowing it
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM