堆栈内存溢出
  简体   繁体   English

被 CORS 阻止:在预检响应中 Access-Control-Allow-Headers 不允许请求 header 字段授权

[英]Being blocked by CORS: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response

 原文  2021-06-06 19:35:00       javascript/ express/ axios/ cors/ preflight

问题描述

I am getting the error我收到错误

Access to XMLHttpRequest at 'http://localhost:4000/api/investments' from origin 'http://localhost:5000' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.

Whenever I try to post some data to my api using the following axios command每当我尝试使用以下 axios 命令将一些数据发布到我的 api 时

  const [login, setLogin] = useState(
    localStorage.getItem('userInfo')
      ? JSON.parse(localStorage.getItem('userInfo'))
      : null
  );
const config = {
      headers: {
        'Content-Type': 'application/json',
        Authorization: `Bearer ${login.token}`,
      },
    };
 await axios
      .post(`${Config.SERVER_ADDRESS}/api/investments`, investmentObj, config)
      .then((response) => {
        console.log(investmentObj);
        notify(`${response.data.name} investimento cadastrado com Sucesso`);
        history.push(`/app/investment/${response.data._id}`);
      })
      .catch((err) => {
        console.log(err);

        notify(err.response.data, 'danger');
      });

I don't know what to do, since I am using the following middleware:我不知道该怎么做,因为我正在使用以下中间件:

app.use((req, res, next) => {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Methods', '*');
  res.header('Access-Control-Allow-Credentials', true);
  res.header(
    'Access-Control-Allow-Headers',
    'Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers'
  );

  app.use(cors());
  next();
});

I think that my issue is related to the Authorization in the headers, since my other api calls are working... Hopefully any of you guys will help me with such preflight request我认为我的问题与标头中的授权有关,因为我的其他 api 调用正在工作......希望你们中的任何一个都能帮助我处理这样的预检请求

1 个解决方案

解决方案1
 -2 已采纳  2021-06-06 20:51:33

I just added the following code app.options('*', cors());我刚刚添加了以下代码app.options('*', cors()); and now it is everything working... Check that out on the documentation from CORS npm https://www.npmjs.com/package/cors#enabling-cors-pre-flight现在一切正常...查看 CORS npm https://www.npmjs.com/package/cors#enabling-cors-pre-flight

app.use((req, res, next) => {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Methods', '*');
  res.header('Access-Control-Allow-Credentials', true);
  res.header(
    'Access-Control-Allow-Headers',
    'Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers'
  );

  app.use(cors({ credentials: true, origin: true }));
  next();
});
app.options('*', cors());

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 CORS 错误:预检响应中的 Access-Control-Allow-Headers 不允许请求标头字段授权 - CORS error :Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response XMLHttpRequest 已被 CORS 策略阻止:请求 header 字段内容类型在预检响应中不允许访问控制允许标头 - XMLHttpRequest has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response 被 CORS 策略阻止:预检响应中的 Access-Control-Allow-Headers 不允许请求标头字段内容类型 - blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response 请求标头字段Access-Control-Allow-Headers在预检响应中不允许使用Access-Control-Allow-Headers - Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response 预检响应中的 Access-Control-Allow-Headers 不允许请求头字段授权。 (nginx) - Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response. (nginx) 预检响应中的 Access-Control-Allow-Headers 不允许请求 header 字段授权 - Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response “请求 header 字段 Access-Control-Allow-Origin 在预检响应中被 Access-Control-Allow-Headers 不允许”尽管 CORS 配置有效 - “Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response” despite valid CORS config 飞行前响应中的Access-Control-Allow-Headers不允许请求标头字段Access-Control-Request-Methods - Request header field Access-Control-Request-Methods is not allowed by Access-Control-Allow-Headers in preflight response 预检响应中的 Access-Control-Allow-Headers 不允许 Angularjs 请求标头字段 Access-Control-Allow-Headers - Angularjs Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response 当使用 http 从 JS 获取请求到 SlackAPI 时,Access-Control-Allow-Headers 在飞行前响应中不允许请求 header 字段授权 - Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response when using http get req from JS to SlackAPI
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM