后端返回两次“Access-Control-Allow-Origin”Header,每次都有不同的值
[英]Backend Returns "Access-Control-Allow-Origin" Header Twice, Each With Different Value
问题描述
I'm using Python's FastAPI to manage the server's API and Axios hooks on my Frontend.
我正在使用 Python 的 FastAPI 在我的前端管理服务器的 API 和 Axios 挂钩。
Here's my code snippet that handles details of the CORS policy on the server:这是我的代码片段,用于处理服务器上 CORS 策略的详细信息:
origins = ["http://localhost:3000"]
*****some code here*****
app = FastAPI(
title=settings.PROJECT_NAME,
version="1.0",
docs_url=f"{settings.API_V1_STR}/docs",
openapi_url=f"{settings.API_V1_STR}/openapi.json",
)
app.container = app
app.add_middleware(
CORSMiddleware,
allow_origins=origins,
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
app.include_router(api_router, prefix=settings.API_V1_STR)
Here's the relevant hook that I'm using on the Frontend via Axios-hooks axios-hooks docs :这是我通过 Axios-hooks axios-hooks 文档在前端使用的相关钩子:
const [
{
response: marketResponse,
loading: marketLoading,
error: marketError,
},
] = useAxios({
url: serverURL("market/list"),
method: "GET",
});
It's important to note that I've double checked the allowed origin.重要的是要注意我已经仔细检查了允许的来源。
The issue:问题:
As my web app requests the list via above mentioned axios hoook, the following error appears:由于我的 web 应用程序通过上述 axios 钩子请求列表,出现以下错误:
Here's the Network Tab's Header Info:这是网络选项卡的 Header 信息:
Network's Header Info网络的 Header 信息
As you'll notice Access-Control-Allow-Origin appears there 2x.正如您会注意到的那样,Access-Control-Allow-Origin 出现了 2 次。 Once in capped init letter and 2nd time in all lower case.一次是大写的初始字母,第二次是全部小写。 I figured the issue somehow stems from this headers.我认为这个问题不知何故源于这个标题。 Unfortunatelly can't find a particular way to fix it.不幸的是找不到修复它的特定方法。
Thanks for any kind of help!感谢您提供任何帮助!
Googled multiple similiar issues and studied both Axios & Fast Api docs.用谷歌搜索了多个类似的问题并研究了 Axios 和 Fast Api 文档。 Unfortunately couldn't find even a slight hint of solution.不幸的是,连一点点解决办法都找不到。
1 个解决方案
解决方案1
0 已采纳 2023-01-11 17:57:28
The issue问题
This is actually a known issue with the Starlette CORSMiddleware .这实际上是Starlette CORSMiddleware的一个已知问题。 So the issue is that Starlette CORSMiddleware adds the origin header without checking if it already exists.所以问题是 Starlette CORSMiddleware 添加了原点 header 而没有检查它是否已经存在。 That is by design.这是设计使然。
FastAPI is wrapping this module. FastAPI 正在包装这个模块。
If you take a look at the actual Starlette code you will see that it is going to this line .如果您查看实际的 Starlette 代码,您会发现它位于这一行。
This explains the upper case version of Access-Control-Allow-Origin .这解释了Access-Control-Allow-Origin的大写版本。
So why is this happening?那么为什么会这样呢?
Multiple servers are running.多个服务器正在运行。 A known issue is if you are using python-socketio then the socketio will add its own version of the header.一个已知问题是,如果您使用的是python-socketio ,则 socketio 将添加自己的 header 版本。
I noticed this line:我注意到这一行:
app.container = app
What is the reason for this?这是什么原因? Can you try to comment it out and rerun the code?您可以尝试将其注释掉并重新运行代码吗?
Else check if your NGINX is setting CORS.否则检查您的 NGINX 是否设置为 CORS。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.