隨機得到沒有'Access-Control-Allow-Origin' header 存在

Question

我用 EXPRESS.js 構建了一個 CDN 服務器，把它放在子域上，然后使用cors package 來啟用 CORS

var app = express();

app.use(cors({
    methods: "GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS",
})); 

function shouldCompress (req, res) {
    if (req.headers['x-no-compression']) return false
    return compression.filter(req, res)
}
app.use(compression({filter: shouldCompress}))
app.use(requestIp.mw());
app.use(helmet());
app.use(bodyParser.urlencoded({limit: '5mb', extended: false}));
app.use(bodyParser.json({limit: '5mb'}));
app.use(bodyParser.text({type: 'text/plain',limit: '5mb'}));
app.use(cookieParser());

但有時由於 CORS 政策，我的網站無法正確加載。
我使用https://www.test-cors.org使用GET和OPTIONS測試這些鏈接。 一切都很好。

Access to XMLHttpRequest at 'https://cdn.boghrat.com//adm/notif.html' from origin 'https://boghrat.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Answer 1

用這個

app.use(function (req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header(
    "Access-Control-Allow-Methods",
    "GET,HEAD,PUT,POST,OPTIONS,UPDATE,DELETE"
  );
  res.header(
    "Access-Control-Allow-Headers",
    "Origin, X-Requested-With, Content-Type, Accept, Authorization, token"
  );
  next();
});