Python Falcon: CORS fails even with the preflight headers set



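I receive these errors when the OPTIONS verb is used with Angular2 http.get(url, options), even though the appropriate CORS headers are set in the Falcon REST API.

XMLHttpRequest cannot load http://localhost:8000/names. Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.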

resp.set_header("Access-Control-Allow-Origin", "*")
resp.set_header("Access-Control-Allow-Credentials", "true")
resp.set_header("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT")
resp.set_header("Access-Control-Allow-Headers",
                "Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers")

For non-OPTIONS / normal http.get() requests this works fine.

Solved this using falcon_cors, specifically by setting allow_all_methods=True

pip install falcon-cors

import falcon
from falcon_cors import CORS

cors = CORS(allow_origins_list=['http://localhost:3000'],
            allow_all_headers=True,
            allow_all_methods=True)
api = falcon.API(middleware=[cors.middleware])

I tried it following lwcolton's guidance on GitHub, and also set allow_all_headers=True, allow_all_methods=True

i.e. similar to the answer above, https://stackoverflow.com/a/42716126/248616, but with two more parameters added

import falcon
from falcon_cors import CORS

cors = CORS(
    allow_all_origins=True,
    allow_all_headers=True,
    allow_all_methods=True,
)
api = falcon.API(middleware=[cors.middleware])

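I suggest going to the documentation for this.

Also, resp.set_header('Access-Control-Allow-Origin', '*') is not a good practice to follow in production. Have a whitelist of origins and methods, and based on the request, if it comes from a whitelisted origin, you can put that same origin in resp.set_header('Access-Control-Allow-Origin', req.headers["ORIGIN"]).

Below is the code I prefer -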

whitelisted_origins = ["http://localhost:4200"]
whitelisted_methods = ["GET", "POST", "OPTIONS"]


class CORSComponent:
    def process_request(self, req, resp):
        success = False
        # require an Origin header
        if "ORIGIN" in req.headers:
            # validate request origin
            if req.headers["ORIGIN"] in whitelisted_origins:
                # validate request method
                if req.method in whitelisted_methods:
                    success = True
                else:
                    # you can put required resp.status and resp.media here
                    pass
            else:
                # you can put required resp.status and resp.media here
                pass
        else:
            # you can put required resp.status and resp.media here
            pass
        if success:
            # echo back the origin that passed the whitelist check
            resp.set_header('Access-Control-Allow-Origin', req.headers["ORIGIN"])
        else:
            # exit request
            resp.complete = True

    def process_response(self, req, resp, resource, req_succeeded):
        if (req_succeeded
            and "ORIGIN" in req.headers
            and req.method == 'OPTIONS'
            and req.get_header('Access-Control-Request-Method')
        ):
            # NOTE: This is a CORS preflight request. Patch the response accordingly.
            allow = resp.get_header('Allow')
            resp.delete_header('Allow')
            allow_headers = req.get_header(
                'Access-Control-Request-Headers',
                default='*'
            )
            resp.set_headers((
                ('Access-Control-Allow-Methods', allow),
                ('Access-Control-Allow-Headers', allow_headers),
                ('Access-Control-Max-Age', '86400'),  # 24 hours
            ))

Once done, you can add this to the middleware, like -

import falcon

api = falcon.API(middleware=[
    CORSComponent(),
])

If you don't want to use the above approach, you can go ahead with falcon-cors.

import falcon
from falcon_cors import CORS

cors = CORS(
    # allow_all_origins=False,
    allow_origins_list=whitelisted_origins,
    # allow_origins_regex=None,
    # allow_credentials_all_origins=True,
    # allow_credentials_origins_list=whitelisted_origins,
    # allow_credentials_origins_regex=None,
    allow_all_headers=True,
    # allow_headers_list=[],
    # allow_headers_regex=None,
    # expose_headers_list=[],
    # allow_all_methods=True,
    allow_methods_list=whitelisted_methods
)
api = falcon.API(middleware=[
    cors.middleware,
])

FYI, methods supported by Falcon 2.0.0 -
"CONNECT", "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT", "TRACE"

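The preflight decision discussed in the answers above, written as an added, framework-independent example (not code from the original posts, Falcon, or falcon-cors). It shows why the question's preflight failed (Authorization was missing from the allowed headers) and how an allowlist answers it without a wildcard. The names ALLOWED_ORIGINS, ALLOWED_METHODS, ALLOWED_HEADERS and cors_headers, the allowlist values and the sample request are assumptions made for the example.

```python
# Added example: CORS allowlist logic, independent of any web framework.
ALLOWED_ORIGINS = {"http://localhost:4200"}                    # constructed allowlist
ALLOWED_METHODS = {"GET", "POST", "OPTIONS"}
ALLOWED_HEADERS = {"authorization", "content-type", "accept"}  # lower-cased names


def cors_headers(method, headers):
    """Return the CORS response headers for a request, or {} to send none.

    `headers` maps lower-cased request header names to their values.
    """
    origin = headers.get("origin")
    if origin not in ALLOWED_ORIGINS:
        return {}  # missing or unknown Origin: no CORS headers, browser blocks the read
    # Echo the vetted origin ("*" is not accepted together with credentials)
    # and mark the response as varying per Origin for caches.
    out = {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }
    requested_method = headers.get("access-control-request-method")
    if method != "OPTIONS" or requested_method is None:
        return out  # actual (non-preflight) request
    # Preflight: the requested method and every requested header must be allowlisted.
    requested = {
        h.strip().lower()
        for h in headers.get("access-control-request-headers", "").split(",")
        if h.strip()
    }
    if requested_method not in ALLOWED_METHODS or not requested <= ALLOWED_HEADERS:
        return {}
    out["Access-Control-Allow-Methods"] = ", ".join(sorted(ALLOWED_METHODS))
    if requested:
        out["Access-Control-Allow-Headers"] = ", ".join(sorted(requested))
    out["Access-Control-Max-Age"] = "86400"  # 24 hours
    return out


# Constructed preflight, as a browser sends it before a GET carrying Authorization.
PREFLIGHT = {
    "origin": "http://localhost:4200",
    "access-control-request-method": "GET",
    "access-control-request-headers": "authorization",
}
```
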