Node.js 具有REST身份验证API的node express网站-CORS问题
我是 Node.js + Express 的新手,正在尝试快速搭建一个概念验证网站,让用户通过 REST API 进行身份验证。我遇到了 CORS 问题:尽管已按照相关建议安装并使用了 cors 模块,仍然出现以下错误:CORS 策略已阻止在 xxx 处对 XMLHttpRequest 的访问:对预检请求的响应未通过访问控制检查:“Access-Control-Allow-Origin”标头的值“”与所提供的源不相等。以下是我的(简化)代码:app.js、users.js,以及视图 homepage.ejs 中用于发起 AJAX POST 请求的脚本部分。标签:node.js, ajax, rest, express, cors
如何解决这个问题,使 AJAX 调用正常工作?基本上,您需要允许跨源请求。通常的做法是在 Node 服务器前面放置一个代理(如 nginx),并在代理上设置
访问控制标头,如下所示(不建议将 Node 直接暴露在 80 端口上)
如果您使用的是 Express.js,可以使用 cors 中间件
我曾尝试按照 cors 文档中的建议使用 cors 模块,但没有解决问题——我是否还需要更改 nginx 配置?理想情况下,我只想在 Node/Express 中进行设置。如果您已经在使用 nginx,那么这些标头就应该在 nginx 中设置。还要确保指定为允许源的域确实是部署前端的域。
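// app.js — Express entry point: view engine, body parsing, compression,
// sessions, Passport and route mounting.
const express = require('express');
const expressLayouts = require('express-ejs-layouts');
// NOTE(review): `cors` is required but never mounted in this simplified
// listing. If it is mounted for a cookie/session login flow, give it an
// explicit `origin` together with `credentials: true`; the default wildcard
// origin is not accepted by browsers for credentialed requests.
const cors = require('cors');
// Declared with const: the original assigned `compression` and
// `shouldCompress` without a declaration, creating implicit globals.
const compression = require('compression');
const flash = require('connect-flash');
const session = require('express-session');
const passport = require('passport');

/**
 * Compression filter: lets a client opt out with an `x-no-compression`
 * request header, otherwise defers to the library's default filter.
 *
 * @param {object} req - incoming request
 * @param {object} res - outgoing response
 * @returns {boolean} whether the response should be compressed
 */
const shouldCompress = (req, res) => {
  if (req.headers['x-no-compression']) {
    // don't compress responses if this request header is present
    return false;
  }
  // fallback to standard compression
  return compression.filter(req, res);
};

// The session secret signs the session ID cookie, so it must not live in
// source control. Read it from the environment and fail fast when absent.
const sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error('SESSION_SECRET environment variable is not set');
}

const app = express();

// EJS
app.use(expressLayouts);
app.set('view engine', 'ejs');

// Parsing related
app.use(express.urlencoded({ extended: false })); // Parse URL-encoded bodies
app.use(express.json()); // Used to parse JSON bodies

app.use(
  compression({
    filter: shouldCompress,
    // Byte threshold; at 3 bytes practically every response is compressed.
    threshold: 3,
  }),
);
app.use(express.static('public'));
app.disable('x-powered-by');

// Using the flash middleware provided by connect-flash to store messages in session
// and displaying in templates. It relies on req.session, so the session
// middleware below must be in place before any route calls req.flash().
app.use(flash());

// Sessions
app.use(
  session({
    secret: sessionSecret,
    resave: false,
    // NOTE(review): `true` stores a session for every visitor, including
    // unauthenticated ones; confirm that is intended.
    saveUninitialized: true,
    // `secure: true` restricts the cookie to HTTPS. When TLS terminates at a
    // reverse proxy, express-session also needs Express's 'trust proxy'
    // setting, otherwise the cookie is never set — confirm for this deployment.
    cookie: { secure: true },
  }),
);

// Initialize Passport and restore authentication state, if any, from the session.
require('./config/passport')(passport);
app.use(passport.initialize());
app.use(passport.session());

// Routes
app.use('/', require('./routes/index'));
app.use('/member', require('./routes/users'));

const PORT = process.env.PORT || 5000;
// Pass a callback: the original passed the *result* of console.log(), which
// printed the message immediately instead of once the server was listening.
app.listen(PORT, () => console.log(`Server started on port: ${PORT}`));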
// routes/users.js — member routes; app.js mounts this router under /member.
const express = require('express');
const passport = require('passport');

// Hand the shared passport instance to the project's Passport configuration
// (presumably registers the strategies — config/passport is not shown here).
require('../config/passport')(passport);

const router = express.Router();

// Where Passport sends the browser after the authentication attempt.
const signinRedirects = {
  successRedirect: '/home',
  failureRedirect: '/',
};

// NOTE(review): a redirect-based strategy such as 'facebook' normally answers
// with a redirect to the identity provider. When this route is called through
// XMLHttpRequest, the browser follows that redirect itself and applies CORS to
// the provider's response, which local CORS headers cannot satisfy. This is
// likely the reported error; such a flow is usually started by a top-level
// navigation rather than an AJAX POST. Confirm against the strategy config.
router.post('/signin', passport.authenticate('facebook', signinRedirects));

module.exports = router;
// Client-side script from homepage.ejs: clicking #demo POSTs the clicked
// element's id to /member/signin and reports the outcome.
$(function () {
  $('#demo').on('click', function (e) {
    const payload = {
      source: $(this).attr('id'),
    };

    // NOTE(review): dataType 'json' expects a JSON body, but the
    // /member/signin route shown on this page responds through
    // passport.authenticate('facebook'), which normally redirects. The XHR
    // follows the redirect and the cross-origin response is then subject to
    // CORS. Confirm whether this call should be a page navigation instead.
    const request = $.ajax({
      method: 'POST',
      url: '/member/signin',
      data: payload,
      dataType: 'json',
      timeout: 5000, // 5000ms
    });

    // Runs when the request succeeds.
    request.done(function (data) {
      console.log('Success:' + data);
    });

    // Runs when the request fails or the timeout is reached.
    request.fail(function (jqXHR, status) {
      alert(`Request could not complete: ${status}`);
    });
  });
});
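# nginx config — answer CORS preflight (OPTIONS) requests at the proxy.
# Belongs inside the `location` block that proxies to the Node server
# (add_header inside `if` is only valid in a location context).
if ($request_method = 'OPTIONS') {
    # Placeholder origin: replace with the exact scheme://host[:port] that
    # serves the front end. The original used '*', which browsers reject when
    # combined with Access-Control-Allow-Credentials: true, so a credentialed
    # request would still fail the access-control check.
    add_header 'Access-Control-Allow-Origin' 'https://frontend.example';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, HEAD, DELETE, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
    # 204 No Content: the preflight needs headers only, no body.
    return 204;
}
# This block covers the preflight only. The response to the actual request
# must also carry matching Access-Control-Allow-Origin and
# Access-Control-Allow-Credentials headers, set here or by the application.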
// Minimal Express app with the cors middleware enabled for every route.
const express = require('express');
const cors = require('cors');

const app = express();

// NOTE(review): cors() with no options allows any origin via a wildcard and
// does not enable credentials. For a cookie/session login, pass an explicit
// `origin` (the front end's own origin) and `credentials: true` instead.
app.use(cors());

app.post('/signin/', (req, res, next) => {
  // ....
});