使用 axios 表达 CORS 请求失败
[英]Express CORS request with axios fails
问题描述
I have an authentication cookie that I want to send to an express server.
我有一个要发送到快速服务器的身份验证 cookie。 The request is supposed to send both JWT from the localStorage(which it does) and a cookie that is previously set.该请求应该从 localStorage(它确实如此)和先前设置的 cookie 发送 JWT 。
The cookie is set by the following response from an endpoint: cookie 由来自端点的以下响应设置:
res
.cookie("cookiename", "cookievalue", {
maxAge: 86400 * 1000,
httpOnly: false,
secure: false,
})
.sendStatus(200);
The cookie appears correcly in the DevTools: cookie 在 DevTools 中正确显示:
Then, I want to use the cookie in every subsequent request: First I set withCredentials globally to true:然后,我想在每个后续请求中使用 cookie:首先我将 withCredentials 全局设置为 true:
axios.defaults.withCredentials = true;
Then I make a request with intentions of sending the cookie:然后我发出一个发送 cookie 的请求:
axios
.get("http://localhost:5000/userLikedPlaces", {
headers: {
jwt: localStorage.getItem("jwt"),
"X-Requested-With": "XMLHttpRequest",
"Content-Type": "application/json",
"Access-Control-Allow-Credentials": true,
},
params: { limit: likedQueryOffset },
})
However, I get an error:但是,我收到一个错误:
By what I understand, I should set Access-Control-Allow-Origin to my localhost:3000 address, so I copy the following code:据我了解,我应该将Access-Control-Allow-Origin设置为我的 localhost:3000 地址,因此我复制以下代码:
server.use(function (req, res, next) {
// Website you wish to allow to connect
res.setHeader("Access-Control-Allow-Origin", "http://localhost:3000");
// Request methods you wish to allow
res.setHeader(
"Access-Control-Allow-Methods",
"GET, POST, OPTIONS, PUT, PATCH, DELETE"
);
// Request headers you wish to allow
res.setHeader(
"Access-Control-Allow-Headers",
"X-Requested-With,content-type"
);
// Set to true if you need the website to include cookies in the requests sent
// to the API (e.g. in case you use sessions)
res.setHeader("Access-Control-Allow-Credentials", true);
// Pass to next layer of middleware
next();
});
The other middlewares are:其他中间件是:
server.use(cors());
server.use(cookieParser("MySecret"));
server.use(bodyParser.urlencoded({ extended: false }));
server.use(bodyParser.json({ limit: "10kb" }));
server.use(cors({ credentials: true, origin: "http://localhost:3000" }));
I am rather bewildered, since I have looked at a considerable number of similar questions, and this header seems to fix the issue, but apparently not here.我很困惑,因为我已经查看了相当多的类似问题,而这个 header 似乎解决了这个问题,但显然不是在这里。 My question is how to fix the CORS issue, getting the cookie from localhost:3000(client) to localhost:5000(server)?我的问题是如何解决 CORS 问题,将 cookie 从 localhost:3000(client) 获取到 localhost:5000(server)?
1 个解决方案
解决方案1
0 2021-12-22 09:30:21
The problem was the fact that the default configuration of the CORS middleware uses the wildcard attribute, and is the reason why all request were blocked.问题在于 CORS 中间件的默认配置使用通配符属性,这就是所有请求都被阻止的原因。 Solution is to use the custom configuration:解决方案是使用自定义配置:
server.use(cors({ credentials: true, origin: "http://localhost:3000" }));
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.