我希望在我的netflix网站中强制执行来自process.env.URL的所需来源的请求。但目前我既可以cURL,也可以向Postman发出请求,并获得状态码200的响应数据。我错过什么了吗?
exports.handler = async (event, context, callback) => {
try {
let id = event.rawUrl.split("/").pop();
let response;
switch (event.httpMethod) {
case "GET":
response = await prisma.like.count({ where: { postId: parseInt(id) } });
break;
case "POST":
response = await prisma.like.create({
data: { postId: parseInt(id) },
});
break;
case "DELETE":
response = await prisma.like.delete({
where: {
id: parseInt(id),
},
});
break;
}
callback(null, {
statusCode: 200,
headers: {
"Access-Control-Allow-Origin": process.env.URL,
"Access-Control-Allow-Headers":
"Origin, X-Requested-With, Content-Type, Accept",
"Access-Control-Allow-Methods": "*",
"Content-Type": "application/json",
},
body: JSON.stringify(response),
});
return;
} catch (e) {
console.error(e);
return { statusCode: 500 };
}
};
CORS是浏览器的特性,即浏览器遵守设置。curl不关心CORS并忽略它。