Node.js CORS错误:";'的值;访问控制允许原点';响应中的头不能是通配符'*'&引用;
我在NodeJS中有一个CORS错误Node.js CORS错误:";'的值;访问控制允许原点';响应中的头不能是通配符'*'&引用;,node.js,express,Node.js,Express,我在NodeJS中有一个CORS错误 "has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by t
"has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin'
header in the response must not be the wildcard '*'
when the request's credentials mode is 'include'.
The credentials mode of requests initiated by the XMLHttpRequest
is controlled by the withCredentials attribute."
我把它放在了我的server.js中,但仍然出现了错误:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "http://localhost:3000");
res.header("Access-Control-Allow-Credentials", true);
res.header(
"Access-Control-Allow-Headers",
"Origin, X-Requested-With, Content-Type, Accept"
);
res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE");
next();
});
谁能帮帮我吗?谢谢这是安全的一部分,您不能这样做。如果要允许凭据,则访问控制允许源站不能使用*。不过,如果您想允许所有域,您可以简单地添加
req.header('Origin')
而不是*
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", req.header('Origin'));
res.header("Access-Control-Allow-Credentials", true);
res.header(
"Access-Control-Allow-Headers",
"Origin, X-Requested-With, Content-Type, Accept"
);
res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE");
next();
});
我宁愿使用官方的cors中间件来实现这一点。