我使用下面的代码来运行我的nodejs后端服务器。Angular前端必须与服务器通信。当我在本地主机上使用它时,一切都很好。然而,当我在heroku上部署代码时,我一直得到从源'https:https://iprocopiou.com/.com'访问'heroku app link'的XMLHttpRequest已被CORS策略阻止:请求的资源上没有'Access- control - allow - origin '标头。有人知道我遗漏了什么吗?
const express = require("express");
const app = express();
const cors = require("cors");
const bodyParser = require("body-parser");
const corsOptions = {
origin: "*",
methods: ["GET","HEAD","PUT","PATCH","POST","DELETE"],
credentials: true,
preflightContinue:false
}
require("./startup/logging")();
require("./startup/routes")(app);
require("./startup/db")();
require("./startup/config")();
require("./startup/validation")();
require("./startup/prod")(app);
app.use(cors(corsOptions))
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
const port = process.env.PORT || 3000;
app.listen(port, () => console.log(`Listening on port ${port}`));
我已经尝试了几乎所有我找到的解决方案…
出于安全原因,当您想要允许和共享凭据时,您需要指定确切的URL或URL源(协议+域+端口),您不能使用*。
const corsOptions = {
origin: "https://iprocopiou.com", // or your exact URL you allow to make request
methods: ["GET","HEAD","PUT","PATCH","POST","DELETE"],
credentials: true,
preflightContinue:false
}
//...
app.use(cors(corsOptions))
您还可以在此威胁中看到更多细节CORS:当凭据标志为true时,不能在Access-Control-Allow-Origin中使用通配符