问题描述
我试图在node.js中允许CORS,但问题是,如果设置了Access-Control-Allow-Credentials
,则无法将*
设置为Access-Control-Allow-Origin
.
I'm trying to allow CORS in node.js but the problem is that I can't set *
to Access-Control-Allow-Origin
if Access-Control-Allow-Credentials
is set.
规范还说我不能为Access-Control-Allow-Origin
做一个数组或逗号分隔的值,建议的方法是做与此类似的事情
Also the specification said I can't do an array or comma separated value for Access-Control-Allow-Origin
and the suggested method would be to do something similar to this Access-Control-Allow-Origin Multiple Origin Domains?
但是我似乎无法在node.js中做到这一点
But I can't seem to do this way in node.js
["http://mydomain.com:9001", "http://mydomain.com:5001"].map(function(domain) {
res.setHeader( "Access-Control-Allow-Origin", domain );
});
res.header( "Access-Control-Allow-Credentials", true );
这里的问题是它会被数组中的最后一个值覆盖,因此标头将设置为res.setHeader( "Access-Control-Allow-Origin", "http://mydomain.com:5001" );
The problem here is that it's bein override by the last value in the array, so the header will be set to res.setHeader( "Access-Control-Allow-Origin", "http://mydomain.com:5001" );
来自客户端浏览器的错误:
Error from the client browser:
推荐答案
这是我在快速申请中使用的允许多个来源的
Here is what I use in my express application to allow multiple origins
app.use(function(req, res, next) {
var allowedOrigins = ['http://127.0.0.1:8020', 'http://localhost:8020', 'http://127.0.0.1:9000', 'http://localhost:9000'];
var origin = req.headers.origin;
if(allowedOrigins.indexOf(origin) > -1){
res.setHeader('Access-Control-Allow-Origin', origin);
}
//res.header('Access-Control-Allow-Origin', 'http://127.0.0.1:8020');
res.header('Access-Control-Allow-Methods', 'GET, OPTIONS');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
res.header('Access-Control-Allow-Credentials', true);
return next();
});
这篇关于在Node.js中为多个域启用Access-Control-Allow-Origin的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!