如何配置yada以允许跨源请求(Clojure)?
我的yada资源配置如下:如何配置yada以允许跨源请求(Clojure)?,clojure,cors,yada,Clojure,Cors,Yada,我的yada资源配置如下: (yada/resource {:methods {:get {:produces "text/plain" :response (fn [ctx] "Hello world!!")}}}) 一个curl-i localhost:8080/api/new返回: HTTP/1.1 200 OK X-Frame-Options: SAMEORIG
(yada/resource
{:methods {:get
{:produces "text/plain"
:response (fn [ctx]
"Hello world!!")}}})
一个curl-i localhost:8080/api/new
返回:
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Length: 13
Content-Type: text/plain
Server: Aleph/0.4.4
Connection: Keep-Alive
Date: Thu, 12 Dec 2019 18:50:42 GMT
Hello world!!
但当我添加访问控制配置以允许原点时:
(yada/resource
{:methods {:get
{:produces "text/plain"
:response (fn [ctx]
"Hello world!!")}}
:access-control {:allow-origin "*"}})
我看不到附加标题:
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Length: 13
Content-Type: text/plain
Server: Aleph/0.4.4
Connection: Keep-Alive
Date: Thu, 12 Dec 2019 18:52:32 GMT
Hello world!!
我也尝试过使用在上找到的示例,但得到了相同的结果
我看到了可怕的资源访问。。。从起源。。。已被CORS策略阻止:当我尝试从UI访问终结点时,请求的资源上不存在“Access Control Allow Origin”头
此配置中缺少什么?我可以使用以下解决方法:
(yada/resource
{:methods {:get
{:produces "text/plain"
:response (fn [ctx]
(let [response (:response ctx)
updated-response (assoc-in response [:headers] {"Access-Control-Allow-Origin" "*"})]
(prn updated-response)
updated-response))}}})
它绕过了内置的响应机制。我仍然想知道正确的方法。我认为您的配置是正确的(带有about-allowing“*”
)。我认为yada,除非请求有Origin
头:
(定义访问控制头[ctx]
(如果让[原点(进入ctx[:请求:标题“原点”)]
;...
这可能解释了curl调用与实际客户端之间的差异。请尝试curl-H“Origin:http://origin“-六http://server/endpoint
进行检查