
在 restify 中允許 OPTIONS 方法 - 預檢響應中的 Access-Control-Allow-Headers 不允許請求頭字段 Authorization

[英]allowing options method with restify - Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response

我正在使用restify框架編寫nodejs api應用程序。

我正在為跨域訪問啟用cors。

restify使用以下代碼配置:

var restify = require('restify'),
fs = require('fs');

// HTTPS server: certificate and private key are read synchronously, once, at
// startup, so a missing or unreadable file throws here rather than per request.
// Keep server.key out of version control and readable only by the account
// that runs this process.
var server = restify.createServer({
  name: 'MyAlcoholist',
  certificate: fs.readFileSync(__dirname + '/config/keys/myalcoholist/server.crt'),
  key: fs.readFileSync(__dirname + '/config/keys/myalcoholist/server.key')
});
/**
 * Writes the CORS preflight response headers, then hands control on.
 *
 * Authorization is not in the Access-Control-Allow-Headers list below, so a
 * browser refuses any preflighted request that carries that header.
 * Origin and methods are answered with the wildcard '*', not an allow-list.
 *
 * @param {Object} req - incoming request (not read here)
 * @param {Object} res - response; only setHeader() is called on it
 * @param {Function} next - continuation for the handler chain
 * @returns {*} whatever next() returns
 */
function corsHandler(req, res, next) {
  // Ordered [name, value] pairs; emitted in exactly this order.
  var preflightHeaders = [
    ['Access-Control-Allow-Origin', '*'],
    ['Access-Control-Allow-Headers', 'Origin, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, X-Response-Time, X-PINGOTHER, X-CSRF-Token'],
    ['Access-Control-Allow-Methods', '*'],
    ['Access-Control-Expose-Headers', 'X-Api-Version, X-Request-Id, X-Response-Time'],
    ['Access-Control-Max-Age', '1000']
  ];

  preflightHeaders.forEach(function (pair) {
    res.setHeader(pair[0], pair[1]);
  });

  return next();
}
/**
 * Terminal handler for preflight (OPTIONS) requests: replies with a bare 200
 * and continues the chain. It sets no headers itself.
 *
 * @param {Object} req - incoming request (not read here)
 * @param {Object} res - response; send() is called once
 * @param {Function} next - continuation for the handler chain
 * @returns {*} whatever next() returns
 */
function optionsRoute(req, res, next) {
  var HTTP_OK = 200;
  res.send(HTTP_OK);
  return next();
}



// Register the body parser ahead of the CORS plugin and the routes.
server.use(restify.bodyParser());
// Cross-origin policy for the CORS plugin: three named origins, with
// credentialed requests enabled for them.
server.use(restify.CORS({
origins: ['http://127.0.0.1', 'https://myalcoholist.com', 'https://www.myalcoholist.com'],   // defaults to ['*']
credentials: true,                 // defaults to false
headers: ['x-foo'],                 // sets expose-headers
methods: ['GET','PUT','DELETE','POST','OPTIONS']
}));

// Intended as a catch-all OPTIONS route: corsHandler runs first, then optionsRoute.
// NOTE(review): the first argument is a quoted string, not a regex literal. Inside
// a string `\.` is just `.`, so the value passed is the text "/.*/". Presumably the
// regex /\.*/ was meant; confirm how restify matches this.
// NOTE(review): corsHandler answers with Access-Control-Allow-Origin '*' and
// Access-Control-Allow-Methods '*', which do not match the allow-lists above;
// browsers reject a wildcard origin on credentialed requests.
server.opts('/\.*/', corsHandler, optionsRoute);

// Listen on port 8888 and log the server name and URL once listening.
server.listen(8888, function() {
console.log('%s listening at %s', server.name, server.url);
});

正如您所看到的,我實現了一個corsHandler函數來處理OPTIONS請求。 我遇到的問題是,當我從https://myalcoholist.com訪問此nodejs api時,我的google chrome瀏覽器出現以下錯誤:

XMLHttpRequest cannot load https://myalcoholist.com:8888/cocktail/get_latest_drinks. Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.

任何想法為什么我得到這個錯誤?

答案似乎非常簡單:我需要將 Authorization 添加到允許的標頭中。修改後的 corsHandler 函數如下:

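/**
 * Answers a CORS preflight (OPTIONS) request.
 *
 * Authorization is listed in Access-Control-Allow-Headers so that requests
 * carrying that header pass the preflight.
 *
 * The request's Origin is echoed back only when it is on the allow-list.
 * The server enables credentials, and browsers refuse a wildcard origin on
 * credentialed requests. Methods are listed explicitly for the same reason:
 * '*' in Access-Control-Allow-Methods is taken literally when credentials
 * are involved.
 *
 * @param {Object} req - incoming request; req.headers.origin is read
 * @param {Object} res - response; only setHeader() is called on it
 * @param {Function} next - continuation for the handler chain
 * @returns {*} whatever next() returns
 */
function corsHandler(req, res, next) {
  // Keep in sync with the `origins` option given to restify.CORS().
  // NOTE(review): drop the loopback entry in production if it is only for local testing.
  var allowedOrigins = ['http://127.0.0.1', 'https://myalcoholist.com', 'https://www.myalcoholist.com'];
  var origin = req && req.headers ? req.headers.origin : undefined;

  // Unknown origins get no Access-Control-Allow-Origin, so the browser blocks them.
  if (origin && allowedOrigins.indexOf(origin) !== -1) {
    res.setHeader('Access-Control-Allow-Origin', origin);
  }
  res.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, X-Response-Time, X-PINGOTHER, X-CSRF-Token,Authorization');
  res.setHeader('Access-Control-Allow-Methods', 'GET, PUT, DELETE, POST, OPTIONS');
  res.setHeader('Access-Control-Expose-Headers', 'X-Api-Version, X-Request-Id, X-Response-Time');
  res.setHeader('Access-Control-Max-Age', '1000');

  return next();
}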

通過以下方式,我解決了 OPTIONS MethodNotAllowed 錯誤,以及使用 GET / POST 時的 CORS 預檢問題:

// Restify server with only a display name and an API version configured;
// this listing passes no certificate or key options.
var server = restify.createServer({ name: 'Test Server', version: '2.0.1' });

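/**
 * Answers a CORS preflight (OPTIONS) request and passes control on.
 *
 * Authorization is listed in Access-Control-Allow-Headers so requests that
 * carry it pass the preflight. Methods are listed explicitly rather than
 * as '*': the wildcard is taken literally on credentialed requests, and
 * naming the verbs keeps the preflight no broader than the API needs.
 *
 * @param {Object} req - incoming request (not read here)
 * @param {Object} res - response; only setHeader() is called on it
 * @param {Function} next - continuation for the handler chain
 * @returns {*} whatever next() returns
 */
function corsHandler(req, res, next) {
    // NOTE(review): '*' approves every origin and cannot be combined with
    // credentialed requests; replace it with an allow-list check against
    // the request's Origin header once the permitted origins are known.
    res.setHeader('Access-Control-Allow-Origin', '*');
    res.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, X-Response-Time, X-PINGOTHER, X-CSRF-Token,Authorization');
    // Same verbs as the `methods` option given to restify.CORS().
    res.setHeader('Access-Control-Allow-Methods', 'GET, PUT, DELETE, POST, OPTIONS');
    res.setHeader('Access-Control-Expose-Headers', 'X-Api-Version, X-Request-Id, X-Response-Time');
    res.setHeader('Access-Control-Max-Age', '1000');
    return next();
}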

/**
 * Final handler for preflight (OPTIONS) requests: sends a bare 200 and
 * continues the chain. It sets no headers itself.
 *
 * @param {Object} req - incoming request (not read here)
 * @param {Object} res - response; send() is called once
 * @param {Function} next - continuation for the handler chain
 * @returns {*} whatever next() returns
 */
function optionsRoute(req, res, next) {
    var HTTP_OK = 200;
    res.send(HTTP_OK);
    return next();
}

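// Enable restify's CORS plugin with credentialed requests and an explicit verb list.
// No `origins` option is given. NOTE(review): confirm the plugin default; if it
// is every origin, pair `credentials: true` with an explicit origin allow-list.
server.use(restify.CORS({
    credentials: true,                 // defaults to false
    methods: ['GET', 'PUT', 'DELETE', 'POST', 'OPTIONS']
}));

/*
routes and authentication handlers
*/

// Intended as a catch-all OPTIONS route: corsHandler runs first, then optionsRoute.
// NOTE(review): the first argument is a quoted string, not a regex literal. Inside
// a string `\.` is just `.`, so the value passed is the text "/.*/". Presumably the
// regex /\.*/ was meant; confirm how restify matches this.
server.opts('/\.*/', corsHandler, optionsRoute);

// The original listing left this call unclosed; the closing `});` is restored here.
// consoleMessage is assigned but never used in the visible code.
server.listen(serverPort, function() {
    var consoleMessage = '\n Test Server';
});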

Restify 似乎已直接移除內建的 CORS 支持,現在改由插件 restify-cors-middleware 處理。
