问题描述

Am试图使用像这样的CORS模块配置在Node Js中全局设置Access-Control-Allow-Credentials标头

Am trying to set Access-Control-Allow-Credentials header globally in Node Js using the CORS module configuration like this

`var cors = require('cors');
 var corsOptions = {
     origin: true,
     'Access-Control-Allow-Origin': 'localhost:1550'
     'Access-Control-Allow-Credentials': 'true'
 };

app.use(cors(corsOptions));`

这似乎不起作用，所以我也为尝试设置飞行前响应的路线设置了它.我这样设置

This doesn't seem to work so I set it too for the route am trying to set a preflight response for. I set it like this

`router.options('/login', cors(corsOptions));`

我检查了Chrome开发者工具，发现设置了 Access-Control-Allow-Origin 标头，但未设置 Access-Control-Allow-Credentials .我需要此标头，因为我已在Angular中设置了 withCredentials = true .

I check on Chrome Developer Tools and I see Access-Control-Allow-Origin header is set but not Access-Control-Allow-Credentials. I need this header since I have set withCredentials = true in Angular.

为什么Node JS不设置Access-Control-Allow-Credentials标头，却设置其他标头?

Why is Node JS not setting Access-Control-Allow-Credentials header yet it sets the others?

我知道这是因为在控制台中出现以下错误

I know this because am getting the following error in console

XMLHttpRequest无法加载http://www.localhost:1550/api/v1/auth/login.对预检请求的响应未通过访问控制检查:凭据标志为"true"，但"Access-Control-Allow-Credentials"标头为.允许使用凭据必须为"true".因此，不允许访问来源"http://127.0.0.1:1550".

推荐答案

我认为您没有正确设置配置.就像在文档中一样

I think you are not setting the configurations correctly. As in the documentation

https://www.npmjs.com/package/cors#configuration-options

 var corsOptions = {
 origin: 'localhost:1550',
 credentials : true
}

这将设置凭据头.当Origin设置Access-Control-Allow-Origin时，凭据设置Access-Control-Allow-Credentials.

this will set the credentials header. As Origin sets Access-Control-Allow-Origin and credentials sets Access-Control-Allow-Credentials.

这篇关于节点JS CORS模块未设置Access-Control-Allow-Credentials标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！