我已经在这个问题上纠结了好几天了,似乎找不到解决办法。提前感谢你的帮助。我在索引文件中配置了 CORS 权限,如下所示:const corsO...
我已经被这个问题困扰了好几天了,似乎找不到解决办法。提前感谢你的帮助。
我在索引文件中配置了 CORS 权限,如下所示:
const corsOptions = {
origin: process.env.CORS_ORIGIN,
methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
allowedHeaders: ['Content-Type', 'Authorization', 'Pragma', 'Cache-Control'],
credentials: true
};
app.use((req, res, next) => {
res.setHeader('Access-Control-Allow-Origin', process.env.CORS_ORIGIN);
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, Pragma, Cache-Control');
res.setHeader('Access-Control-Allow-Credentials', 'true');
res.setHeader('Pragma', 'no-cache');
res.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate');
console.log('CORS headers:', res.getHeaders());
next();
});
app.options('*', (req, res) => {
res.setHeader('Access-Control-Allow-Origin', process.env.CORS_ORIGIN);
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, Pragma, Cache-Control');
res.setHeader('Access-Control-Allow-Credentials', 'true');
res.sendStatus(204);
});
app.use((req, res, next) => {
res.on('finish', () => {
const headers = res.getHeaders();
console.log('CORS headers:', headers);
console.log('Access-Control-Allow-Origin:', headers['access-control-allow-origin']);
console.log('Access-Control-Allow-Methods:', headers['access-control-allow-methods']);
console.log('Access-Control-Allow-Headers:', headers['access-control-allow-headers']);
console.log('Pragma:', headers['pragma']);
console.log('Cache-Control:', headers['cache-control']);
});
next();
});
(注意:corsOptions 目前未被使用,因为我已经做了大量测试。)
尽管如此,我仍然收到以下错误:
从来源“https://myapp.app”访问“https://api.myapp.app/user/me”处的 XMLHttpRequest 已被 CORS 策略阻止:对预检请求的响应未通过访问控制检查:请求的资源上不存在“Access-Control-Allow-Origin”标头。
我还配置了两个 Nginx 配置以确保它们不处理 CORS:
api.myapp.app:
server {
listen 80;
server_name api.myapp.app;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name api.myapp.app;
ssl_certificate /etc/letsencrypt/live/api.myapp.app/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.myapp.app/privkey.pem;
ssl_dhparam /etc/nginx/ssl-dhparams.pem;
location /api/ {
proxy_pass http://localhost:3000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
myapp.app:
server {
listen 80;
server_name myapp.app;
# Redirect to HTTPS
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name myapp.app;
root /home/myapp/frontend/preview/browser;
index index.html;
ssl_certificate /etc/letsencrypt/live/myapp.app/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myapp.app/privkey.pem;
ssl_dhparam /etc/nginx/ssl-dhparams.pem;
location / {
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_pass http://localhost:3000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
我真的找不到任何解决方案。我尝试了几种方法:通过 Nginx 重新启用标头导致出现多个值(back + nginx)的问题。我还通过后端禁用了 CORS 管理,但随后出现了 pragma 标头未传输的问题……
顺便问一下,Nginx 和 Node.js 处理 CORS 有什么区别?
非常感谢你的帮助,我已经为此苦苦挣扎了好几天......