Node.js NestJS Graphql CORS:通过远程主机访问API时出现问题,而在本地主机上正常工作
我目前正试图在Google Cloud Run上使用Graphql部署我的NestJS服务器。我还有一个React应用程序,作为客户端使用,我托管在Netlify上 但是,当我尝试运行此操作时,控制台中出现以下CORS(跨源资源共享)错误:Node.js NestJS Graphql CORS:通过远程主机访问API时出现问题,而在本地主机上正常工作,node.js,graphql,cors,nestjs,netlify,Node.js,Graphql,Cors,Nestjs,Netlify,我目前正试图在Google Cloud Run上使用Graphql部署我的NestJS服务器。我还有一个React应用程序,作为客户端使用,我托管在Netlify上 但是,当我尝试运行此操作时,控制台中出现以下CORS(跨源资源共享)错误: Access to fetch at 'https://google-cloud.run.app/graphql' from origin 'https://myapp.netlify.app' has been blocked by CORS policy
Access to fetch at 'https://google-cloud.run.app/graphql' from origin 'https://myapp.netlify.app' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
我的NestJS应用程序配置如下所示:
// {cors: true}
const app = await NestFactory.create(AppModule);
app.enableCors({
origin: true,
credentials: true,
methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
allowedHeaders: "Content-Type,Accept,Authorization,Access-Control-Allow-Origin"
});
@Module({
controllers: [],
imports: [
...,
GraphQLModule.forRootAsync({
useFactory: (configService) => {
const playground = configService.get("GRAPHQL_PLAYGROUND");
const introspection = configService.get("GRAPHQL_INTROSPECTION");
return {
autoSchemaFile: true,
playground,
introspection: playground || introspection,
cors: {
credentials: true,
origin: true,
methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
allowedHeaders: "Content-Type,Accept,Authorization,Access-Control-Allow-Origin"
},
context: ({req}) => {
return {req};
},
installSubscriptionHandlers: true
};
},
inject: [ConfigService],
imports: [ConfigModule]
}),
...
在另一篇stackoverflow文章中,我看到GraphQL CORS配置覆盖了NestJS CORS配置,因此我也将CORS逻辑添加到GraphQLapp.module.ts
中,如下所示:
// {cors: true}
const app = await NestFactory.create(AppModule);
app.enableCors({
origin: true,
credentials: true,
methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
allowedHeaders: "Content-Type,Accept,Authorization,Access-Control-Allow-Origin"
});
@Module({
controllers: [],
imports: [
...,
GraphQLModule.forRootAsync({
useFactory: (configService) => {
const playground = configService.get("GRAPHQL_PLAYGROUND");
const introspection = configService.get("GRAPHQL_INTROSPECTION");
return {
autoSchemaFile: true,
playground,
introspection: playground || introspection,
cors: {
credentials: true,
origin: true,
methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
allowedHeaders: "Content-Type,Accept,Authorization,Access-Control-Allow-Origin"
},
context: ({req}) => {
return {req};
},
installSubscriptionHandlers: true
};
},
inject: [ConfigService],
imports: [ConfigModule]
}),
...
当我从localhost
运行客户端时,当直接连接到Google Cloud run容器时,此时一切正常,并且我没有收到任何CORS错误。我正在使用Apollo GraphQL客户端发出API请求
然而,当我使用Netlify客户端时,我会遇到上面提到的CORS问题
有没有办法解决这个问题?这是一个网络问题吗?这是谷歌云运行的问题吗?或者我是否遗漏了CORS的标题?您是否尝试过浏览Mozilla的CORS页面?这可能会帮助你更多地了解这个话题。这是链接。您的graphql服务器是否启用了某种IP安全性?可能您的本地IP已授权,但您的应用程序服务器IP已授权not@DesireKaleba是的,我查了好几个小时了。我现在也在更深入地研究推荐人策略(在推荐的策略中,似乎有一个
严格的来源,当跨来源标题时,我猜不应该有这个标题?可能是由于netlify)@JonathanCrowe No不幸的是,cloudrun没有启用IP授权(不幸的是,因为我可以在那里挖掘…):/I当我访问该图形应用程序时,出现SSL错误。也许解决这个问题会解决你的问题