我有一个Express服务器作为我的对话流聊天机器人的后端,当我从同一主机访问时,我请求API没有问题,但当我从拥有web应用程序的Firebase主机访问时时,我无法请求任何内容,因为CORS头没有被添加,即使我添加了它们。这是代码:
// Sends static files from the public path directory
app.use(express.static(path.join(__dirname, '/Public')))
// Set Server Config
app.use(bodyParse.urlencoded({
extended: true
}));
app.use(bodyParse.json());
app.use(helmet.frameguard());
app.use(function (request, response, next) {
// Website you wish to allow to connect
// Request methods you wish to allow
response.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
// Request headers you wish to allow
response.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
response.setHeader("Access-Control-Allow-Origin", 'https://newagent-249c5.web.app/');
// Pass to next layer of middleware
next();
});
// Configure Routes
app.use('/api', apiRoutes);
// Server index.html page when request to the root is made
app.get('/', function (request, response, next) {
response.sendFile('./Public/index.html');
});
var server = app.listen(8080, function () {
var host = server.address().address;
var port = server.address().port;
console.log("server listening at http://%s:%s", host, port);
});
这是跨原点
这是我从同一来源访问时的标题
对于CORS,最重要的是Access Control Allow Origin标头,并且请求的客户端具有与该标头值相等的主机。您可以在本地非常简单地测试,在3000端口上启动简单的express服务器,并在其他端口上将index.html与另一个服务器express或nginx一起提供。然后将index.html中的请求添加到第一个服务器,并尝试在这个简单的示例中修复CORS。