Express 服务器不回复正确的 cors 标头
Posted
技术标签:
【中文标题】Express 服务器不回复正确的 cors 标头【英文标题】:Express server does not reply with proper cors headers 【发布时间】:2019-02-26 23:46:40 【问题描述】:我希望 Allow-Access-Control 标头出现在响应标头中,但我什么也没得到。我相当确定这不是我的 nginx 配置,而是我的 express 配置,但是我已经调整并将 cors 标头添加到所有可用的响应变量中。
const path = require('path');
var cors = require('cors');
var express = require('express');
var app = express();
var walk = require('walk');
var ALLfiles = [];
app.use(function(req, res, next)
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
);
app.use("/puntington", express.static("/puntington"));
app.get('/puntington', function(req, res)
//EDIT: If you need to go under subdirs: change glob to walk as said in https://***.com/questions/2727167/getting-all-filenames-in-a-directory-with-node-js/25580289#25580289
var walker = walk.walk('./puntington',
followLinks: false
);
walker.on('file', function(root, stat, next)
// Add this file to the list of files
ALLfiles.push(path.join("https://static.maxrobbins.com/images/listPuntyImages/puntington", stat.name));
next();
);
walker.on('end', function()
res.header("Access-Control-Allow-Origin", "*");
res.header('Access-Control-Allow-Methods', 'DELETE, PUT, GET, POST');
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
res.send(ALLfiles);
);
);
var server = app.listen(8666, function()
var host = server.address().address;
var port = server.address().port;
console.log('Example app listening at http://%s:%s', host, port);
);
来自服务器的响应标头
Connection
keep-alive
Content-Length
169
Content-Type
text/html
Date
Sun, 23 Sep 2018 03:29:29 GMT
Server
nginx/1.15.3
nginx服务器配置
location /puntington
# auth_basic "Restricted Content";
# auth_basic_user_file /etc/nginx/sites-available/.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8666/puntington;
proxy_redirect off;
# auth_basic "Restricted Content";
# auth_basic_user_file /etc/nginx/sites-available/.htpasswd;
if ($request_method = 'OPTIONS')
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
if ($request_method = 'POST')
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
if ($request_method = 'GET')
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
【问题讨论】:
在 nginx 层之外尝试会发生什么? 我现在在 Windows 中,所以无法测试。我假设同样的事情?我们是否建议您摆脱 ngi x?我需要它来处理其他服务的反向代理 响应的 HTTP 状态码是什么? 你var cors = require('cors'); 永远不要使用 cors!您只需尝试手动操作! - 也许您的(未显示)客户端代码正在触发 CORS 飞行前 - 您没有处理
你是对的。如果我这样做, $.ajax( url: 'localhost:8666/puntington', success: function(data) console.log(data) ) 它工作正常,但如果我点击 nginx 端点它会触发 CORS。为什么?
【参考方案1】:
我想通了。因为我在 nginx 和 express 中都设置了 CORS 标头,所以浏览器本身变得混乱和大便,我的意思是我在响应标头中获得了重复的 CORS 设置。通过从 nginx 站点配置中删除 CORS 标头并仅使用快速设置,一切正常。我感谢帮助男孩
【讨论】:
以上是关于Express 服务器不回复正确的 cors 标头的主要内容,如果未能解决你的问题,请参考以下文章
如何在授权标头中将带有 fetch 和 cors 的 JWT 令牌发送到 Express 服务器?
在 Node.js Express.js 服务器中添加标头后,Chrome 中仍然出现 CORS 错误