在我的EVE配置中,我定义了SCHEMA_ENDPOINT='schema',这样当我在api_root/schema/resource执行获取时,我就可以获得该资源的模式。我还有X_DOMAINS='*',所以当我在api_root/resource/item上调用get时,我会得到从任何域调用API时调用的项。这两者现在分别工作。
然而,如果我调用api_root/schema/resource,甚至仅调用api_root/schema,这将为我提供所有资源的模式,而CORS发送OPTIONS预检请求,则它在预检请求上失败。因此,当我在不同于API所在域的域上进行ajax调用时,我会在chrome:中收到以下错误消息
XMLHttpRequest cannot load http://api.dev:5000/v1/schema/resource. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://test.dev:5002' is therefore not allowed access.
现在,我对任何其他使用CORS的呼叫都没有这个问题。就像我说的,我在呼叫api_root/resource时没有这个问题。所以我不认为这是客户的问题。是否有某种服务器端实现可以让模式端点与CORS一起工作?
更新:
所以问题是当发送OPTIONS而不是GET时。例如:
$ curl -I -X OPTIONS -H "Origin: test.com" 'http://127.0.0.1:5000/v1/schema/order' --verbose
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 5000 (#0)
> OPTIONS /v1/schema/order HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 127.0.0.1:5000
> Accept: */*
> Origin: http://test.com
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Content-Type: text/html; charset=utf-8
< Allow: HEAD, OPTIONS, GET
< Content-Length: 0
< Server: Eve/0.6.2.dev0 Werkzeug/0.10.4 Python/2.7.6
< Date: Mon, 11 Jan 2016 16:57:39 GMT
我用CORS测试了SCHEMA_ENDPOINT,一切似乎都如预期一样。在我的设置中,我有:
X_DOMAINS = '*'
SCHEMA_ENDPOINT = 'schema'
我的飞行前请求:
curl -H "Origin: http://test.com" --verbose http://localhost:5000/schema
> GET /schema/contacts HTTP/1.1
> Host: localhost:5000
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://test.com
< HTTP/1.0 200 OK
< Access-Control-Allow-Origin: http://test.com
< Vary: Origin
< Access-Control-Allow-Headers:
< Access-Control-Expose-Headers:
< Access-Control-Allow-Methods: HEAD, OPTIONS, GET
< Access-Control-Allow-Max-Age: 21600
< Server: Eve/0.6.2.dev0 Werkzeug/0.10.4 Python/2.7.8
/schema/resource也是如此。请注意,-Headers是空的,因为在我的测试中我没有设置任何X_HEADERS或X_EXPOSE_HEADERS。
编辑:在您更新后,我发现问题是OPTIONS。它已在上游进行了修复,并将与v0.6.2一起发布。