我有以下系统组件中间件配置,其中我使用ring.middleware包装cors,以允许重定向到外部服务器:
(defn config []
{:http-port (Integer. (or (env :port) 5000))
:middleware [[wrap-defaults api-defaults]
wrap-with-logger
wrap-gzip
ignore-trailing-slash
[wrap-reload {:dir "../../src"}]
[wrap-trace :header :ui]
wrap-params
wrap-keyword-params
wrap-cookies
[wrap-cors :access-control-allow-headers #{"accept"
"accept-encoding"
"accept-language"
"authorization"
"content-type"
"origin"}
:access-control-allow-origin [#"https://some-url"]
:access-control-allow-methods [:delete :get
:patch :post :put]]
]})
这应该在每个响应中插入标头。但是,根据客户端的请求,重定向到https://some-url,我在客户端浏览器中得到以下错误:
Access to XMLHttpRequest at 'https://someurl' (redirected from 'http://localhost:5000/some-uri') from origin 'http://localhost:5000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
尽管添加了中间件,为什么响应中没有正确的头?
--编辑--
我也尝试过[混乱的中间件.cors]包装cors中间件,比如
(defn config []
{:http-port (Integer. (or (env :port) 5000))
:middleware [[wrap-defaults api-defaults]
wrap-with-logger
wrap-gzip
ignore-trailing-slash
[wrap-reload {:dir "../../src"}]
[wrap-trace :header :ui]
wrap-params
wrap-keyword-params
wrap-cookies
[wrap-cors #".*"]
]})
并使用类似的解放者添加了标题:
(defresource some-route [redirect-uri]
:available-media-types ["application/json"]
:allowed-methods [:post]
:post-redirect? true
:as-response (fn [d ctx]
;; added headers
(-> (as-response d ctx)
(assoc-in [:headers "Access-Control-Allow-Origin"] "*")
(assoc-in [:headers "Access-Control-Allow-Headers"] "Content-Type")
)
)
;; redirect uri
:location redirect-uri
)
但仍然获取请求的资源上存在""No"Access Control Allow Origin"标头。"错误
将此库尝试为(wrap-cors):[jumblerg/ring-cors "2.0.0"]
像这样:(wrap-cors your-routes identity)
注意,第三个参数是一个函数,用于确定是否允许来源(或reg exp列表(
不过,你可能需要添加一条手动路线:
(OPTIONS "/yourendpoint" req {:headers {"Access-Control-Allow-Headers" "*"}})