Vercel cache CORS headers issue for multiple domains

I have a Next.js API deployed on Vercel. The API is used by multiple other domains.

When the browser sends the If-None-Match header, Vercel can reply with a 304; however, the Access-Control-Allow-Origin header may correspond to another origin, and a CORS error occurs. I guess it's due to the fact that Vercel sends the headers from the cached response.

How can I make sure the correct origin value will be specified in the Access-Control-Allow-Origin header? I think I could add some proxy for every domain consuming the API, but I'd prefer to avoid that.

As I understand it, the problem is that Vercel doesn't include the request's origin in the cache key, and you get accidental Web cache poisoning. Unfortunately, Vercel doesn't seem to allow custom cache keys yet.

A long-term solution would be to put pressure on Vercel for them to add the origin to their cache key; this is a sensible default that other CDNs, such as Cloudflare, have adopted. An alternative, short-term solution would be to make your responses to CORS requests non-cacheable according to Vercel caching rules.
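The failure described in the question and the short-term fix from the answer, as an added example that is not part of either post. It uses a toy shared cache keyed on the URL alone and assumes the cache skips responses marked no-store, no-cache or private; the origins and the names ALLOWED, apiResponse, UrlKeyedCache and observe are hypothetical, and the model is not Vercel's implementation.

```javascript
// Added example: a model of a shared cache that ignores Origin in its key.
// All names and origins below are constructed for illustration.
const ALLOWED = new Set(["https://a.example", "https://b.example"]);

// What the API function returns: Access-Control-Allow-Origin echoes the
// request's Origin only when that origin is on the allowlist.
function apiResponse(origin, cacheControl) {
  const headers = { "Cache-Control": cacheControl, Vary: "Origin" };
  if (ALLOWED.has(origin)) headers["Access-Control-Allow-Origin"] = origin;
  return { status: 200, headers, body: '{"ok":true}' };
}

// Toy shared cache: the key is the URL only, so a stored response is
// replayed with the headers computed for whichever origin asked first.
class UrlKeyedCache {
  constructor(backend) {
    this.backend = backend;
    this.store = new Map();
  }
  fetch(url, origin) {
    if (this.store.has(url)) return this.store.get(url);
    const res = this.backend(origin);
    // Assumption: these directives keep a response out of the shared cache.
    const shared = !/\b(no-store|no-cache|private)\b/.test(res.headers["Cache-Control"]);
    if (shared) this.store.set(url, res);
    return res;
  }
}

// Requests the same URL from two origins in turn and returns the
// Access-Control-Allow-Origin value each of them receives.
function observe(cacheControl) {
  const cache = new UrlKeyedCache((origin) => apiResponse(origin, cacheControl));
  return ["https://a.example", "https://b.example"].map(
    (origin) => cache.fetch("/api/items", origin).headers["Access-Control-Allow-Origin"]
  );
}

console.log("cacheable:    ", observe("public, s-maxage=60"));
console.log("non-cacheable:", observe("no-store"));
```

With the cacheable response the second origin receives the first origin's header value and the browser rejects it; with no-store every request reaches the function and gets its own origin back.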
