问题描述
我想允许我的服务器允许两个不同的域读取数据而不会出现CORS问题。
I want to allow my server to let two different domains read data without getting a CORS issue.
因此,我在node.js中编写了以下代码行:
Therefore, I wrote the following code line (in node.js):
app.use(function(req, res, next){
res.header("Access-Control-Allow-Origin", ["http://ServerA:3000", "http://ServerB:3000"]);
res.header("Access-Control-Allow-Headers", "*");
next();
});
但是,当我通过浏览器发送请求时,出现错误:
However, when I sent the request by the browser I got the error:
我的问题是如何为多个来源定义 Access-Control-Allow-Origin。我不想使用 *,因为它太宽松了。
My question is how to define 'Access-Control-Allow-Origin for more than one origin. I don't want to use '*' because it is too liberal.
推荐答案
您需要使用配置文件中的内容检查当前来源:
You need to check your current origin with the ones that you have in the config:
let allowedOrigins = ["http://ServerA:3000", "http://ServerB:3000"]
let origin = req.headers.origin;
if (allowedOrigins.includes(origin)) {
res.header("Access-Control-Allow-Origin", origin); // restrict it to the required domain
}
标头只期望起源或通配符,这就是为什么它对您不起作用的原因
The header expects only one value of the origin, or a wildcard sign, that's why it's not working for you
这篇关于CORS问题:“ Access-Control-Allow-Origin”标头不得包含多个值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!