当请求的凭据模式为“include”时,响应中的“Access-Control-Allow-Origin”标头不能是通配符“*”
我正试图将我电子应用程序转换为全网。当我从我的本地主机运行应用程序时,我得到以下错误:
加载https://agrt.herokuapp.com/login失败:对飞行前请求的响应没有通过访问控制检查:当请求的凭据模式为“include”时,响应中的“access-control-allog-origin”标头的值不能是通配符“*”。因此,不允许访问源'http://localhost:4200'。由XMLHttpRequest发起的请求的凭据模式由withCredentials属性控制。
this.http.post(Consts.REMOTE_URL + '/login', {
username: username,
password: password
}, {withCredentials:true}).
app.use(function(req,res,next){
res.header("Access-Control-Allow-Origin","http://localhost:4200");
res.header('Access-Control-Allow-Headers', 'X-Requested-With,content-type, Accept');
res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
res.header('Access-Control-Allow-Credentials', true);
next();
})
server.js:
const express = require('express')
const passport = require('passport')
const winston = require('winston')
const db = require('./db')
const cors = require('cors')
require('dotenv').config()
const port = process.env.PORT || 9000
const app = express()
app.use(cors())
require('./config/passport')(passport, db)
require('./config/express')(app, passport, db.pool, db)
require('./app/routes')(app, passport)
app.use(function (err, req, res, next) {
if (err.message && (~err.message.indexOf('not found'))) {
return next()
}
winston.error(err.stack)
return res.status(500).json({error: 'Error on backend occurred.'})
})
const server = app.listen(port, () => {
console.log("listening to port: "+port);
if(app.get('env') === 'test') return
winston.log('Express app started on port ' + port)
})
server.on('close', () => {
winston.log('Closed express server')
db.pool.end(() => {
winston.log('Shut down connection pool')
})
})
express.js:
const path = require('path')
const express = require('express')
const expressHandlebars = require('express-handlebars')
const expressValidator = require('express-validator')
const session = require('express-session')
const pgSession = require('connect-pg-simple')(session)
const bodyParser = require('body-parser')
const cookieParser = require('cookie-parser')
const methodOverride = require('method-override')
const morgan = require('morgan')
const winston = require('winston')
const config = require('./')
const resumable = require('../app/lib/resumablejs')
const env = process.env.NODE_ENV || 'development'
module.exports = (app, passport, pool, db) => {
let log = 'dev'
if (env !== 'development') {
log = {
stream: {
write: message => winston.info(message)
}
}
}
if (env !== 'test') app.use(morgan(log))
app.engine('handlebars', expressHandlebars())
app.set('view engine', 'handlebars')
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({ extended: true }))
app.use(expressValidator())
app.use(methodOverride(function (req) {
if (req.body && typeof req.body === 'object' && '_method' in req.body) {
var method = req.body._method
delete req.body._method
return method
}
}))
app.use(cookieParser())
app.use(session({
store: new pgSession({
pool
}),
secret: config.session_secret,
// saveUninitialized: false,
// resave: false,
cookie: { maxAge: 14 * 24 * 60 * 60 * 1000 }
}))
/////////////////////////////////////////
app.use(function(req,res,next){
res.header("Access-Control-Allow-Origin","http://localhost:4200");
res.header('Access-Control-Allow-Headers', 'X-Requested-With,content-type, Accept');
res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
res.header('Access-Control-Allow-Credentials', true);
next();
})
//////////////////////////////////////////
app.use(passport.initialize())
app.use(passport.session())
app.use('/', express.static(path.join(config.root, 'public')))
app.use('/files', resumable(undefined, undefined, db))
}
共有1个答案
尝试使用以下配置:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Credentials", true);
res.header("Access-Control-Allow-Origin", req.headers.origin);
res.header("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE");
res.header(
"Access-Control-Allow-Headers",
"X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept"
);
if ("OPTIONS" == req.method) {
res.send(200);
} else {
next();
}
});
-
该应用程序正在编译和从服务器获取数据。但是只有socket.io不工作,我得到以下错误: localhost/:1未能加载http://localhost:3000/socket.io/?eio=3&transport=polling&t=mephatn:当请求的凭据模式为“include”时,响应中“access-control-allog-origin”标头的值不能是通配符“*”。因此,不允许
-
我使用进行用户身份验证,只允许登录用户访问Spring(引导)。此时,我正在创建一个实时消息功能,用户可以使用和从客户机()向Spring服务器(localhost:8081)发送消息。 当试图创建Stomp-client并启动连接时,我收到以下控制台错误: 在研究了这个问题之后,似乎不可能同时设置origins=*和credentials=true选项。当我已经将WebSocketConfig中
-
问题内容: 我有一个涉及的设置 前端服务器(Node.js,域:localhost:3000)<—>后端(Django,Ajax,域:localhost:8000) 浏览器<-webapp <-Node.js(为应用提供服务) 浏览器(webapp)-> Ajax-> Django(服务ajax POST请求) 现在,我的问题是CORS设置,Web应用程序使用它来对后端服务器进行Ajax调用。在C
-
我的应用程序在java web应用程序中执行一些REST请求。这些请求都是CORS请求,所以浏览器每次都要在实际选项之前执行选项预置。每个请求都类似于 对于谷歌chrome来说,请求是ok的,内容就会显示出来。
-
我认为浏览器在被响应时使用了它的缓存,并发现被缓存为的资源,因此拒绝满足请求。 我怎样才能缓解这里的问题?有什么想法吗?