Haskell 使用wai CORS正确配置CORS
我正在努力使用Servant和CORS配置:我正在通过Servant公开和API,我有以下配置:Haskell 使用wai CORS正确配置CORS,haskell,cors,servant,Haskell,Cors,Servant,我正在努力使用Servant和CORS配置:我正在通过Servant公开和API,我有以下配置: -- Wai application initialization logic initializeApplication :: IO Application initializeApplication = do let frontCors = simpleCorsResourcePolicy { corsOrigins = Just ([pack "https://xxxx.clou
-- Wai application initialization logic
initializeApplication :: IO Application
initializeApplication = do
let frontCors = simpleCorsResourcePolicy { corsOrigins = Just ([pack "https://xxxx.cloudfront.net"], True)
, corsMethods = ["OPTIONS", "GET", "PUT", "POST"]
, corsRequestHeaders = simpleHeaders }
return
$ cors (const $ Just $ frontCors)
$ serve (Proxy @API)
$ hoistServer (Proxy @API) toHandler server
当我通过Chromium(通过复制和粘贴)执行类似的查询时:
它可以工作,但如果我在开发人员控制台中复制粘贴fetch查询:
fetch("https://api.xxx", {
"headers": {
"accept": "application/json, text/plain, */*",
"authorization": "Bearer XXX=="
},
"referrer": "https://xxx.cloudfront.net/",
"referrerPolicy": "no-referrer-when-downgrade",
"body": null,
"method": "GET",
"mode": "cors",
"credentials": "include"
});
我得到:
> Access to fetch at 'https://api.xxx' from origin 'https://xxx.cloudfront.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
polyfills-es2015.3eb4283ca820c86b1337.js:1 GET https://api.xxx net::ERR_FAILED
e.fetch @ polyfills-es2015.3eb4283ca820c86b1337.js:1
> (anonymous) @ VM20:1
> x:1 Uncaught (in promise) TypeError: Failed to fetch
有什么提示吗?特别是为什么它在卷曲中有效而不在铬中有效?
提前感谢。这是CORS的一个基本问题,事实上,发送
授权
而不在CORSRequeaders
中会导致请求被拒绝
我应该写:
, corsRequestHeaders = ["Authorization", "Content-Type"]
试试这个:
curl'https://api.xxx/'-X选项…
。
, corsRequestHeaders = ["Authorization", "Content-Type"]