Node.js 为什么CORS策略会从我的API中阻止我的ip?
当我在生产中向我的api发出请求时,我得到了这个错误Node.js 为什么CORS策略会从我的API中阻止我的ip?,node.js,express,cors,angular5,Node.js,Express,Cors,Angular5,当我在生产中向我的api发出请求时,我得到了这个错误 Access to XMLHttpRequest at 'http://...:300/api/ext/companies/sort=%22code%22:-1&limit=1' from origin 'http://...:90' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It
Access to XMLHttpRequest at 'http://...:300/api/ext/companies/sort=%22code%22:-1&limit=1' from origin
'http://...:90' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
app.use((req, res, next) => {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', 'X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Authorization, Database');
res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');
res.header('Allow', 'GET, POST, OPTIONS, PUT, DELETE');
next();
});
const express = require("express");
const express = require("express").use("*", cors());
app.use((req, res, next) => {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', 'X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Authorization, Database');
res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');
res.header('Allow', 'GET, POST, OPTIONS, PUT, DELETE');
next();
});
这是因为在某些情况下(并非所有情况下),浏览器将拒绝接受Access Control Allow Origin值*。CORS在服务器上的正确实现是检查来源和引用字段,如果存在,将值放回访问控制允许来源(在这里,您可以检查请求的网站是否确实被允许与您交谈)。Ncmettin的答案为您提供了一个很好的插件,它可以在express中自动为您实现这一点,但这就是原因所在