3

我在 Firefox 和 Chrome 中遇到 CORS 错误,但在 cURL 中没有。这是我的卷曲:

curl -H "Origin: http://mymachine:8080" https://wamoyo.cloudant.com/simpsons -v

这是我的命令,这是输出:

* Hostname was NOT found in DNS cache
*   Trying 184.173.163.133...
* Connected to wamoyo.cloudant.com (184.173.163.133) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*    subject: C=US; ST=Massachusetts; L=Boston; O=Cloudant, Inc.; OU=Engineering; CN=*.cloudant.com
*    start date: 2013-01-29 00:00:00 GMT
*    expire date: 2016-02-19 12:00:00 GMT
*    subjectAltName: wamoyo.cloudant.com matched
*    issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert High Assurance CA-3
*    SSL certificate verify ok.
> GET /simpsons HTTP/1.1
> User-Agent: curl/7.35.0
> Host: wamoyo.cloudant.com
> Accept: */*
> Origin: http://mymachine:8080
> 
< HTTP/1.1 200 OK
< X-Couch-Request-ID: 1efb92f7dd
* Server CouchDB/1.0.2 (Erlang OTP/R14B) is not blacklisted
< Server: CouchDB/1.0.2 (Erlang OTP/R14B)
< Date: Wed, 09 Jul 2014 18:25:37 GMT
< Content-Type: text/plain;charset=utf-8
< Content-Length: 362
< Cache-Control: must-revalidate
< Access-Control-Expose-Headers: content-type, accept-ranges, etag, server, x-couch-request-id, x-couch-update-newrev

这是重要的一点:

< Access-Control-Allow-Origin: http://mymachine:8080

< Access-Control-Allow-Credentials: true
< 
{"update_seq":"34-g1AAAADreJzLYWBgYMlgTmFQTElKzi9KdUhJMtPLzc_PK87IzEvVS87JL01JzCvRy0styQEqZUpkSLL___9_ViI_qiZjfJqSHIBkUj1YH5plRvj05bEASYYGIAXUuj8rkQtVrylhvQcgeoH2smYBAApoT3A","db_name":"simpsons","purge_seq":0,"other":{"data_size":593},"doc_del_count":0,"doc_count":6,"disk_size":750276,"disk_format_version":5,"compact_running":false,"instance_start_time":"0"}
* Connection #0 to host wamoyo.cloudant.com left intact

好的,现在浏览器仍然返回此错误:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://wamoyo.cloudant.com/simpsons/_changes?timeout=25000&style=all_docs&feed=longpoll&since=35-g1AAAAEjeJzLYWBgYMlgTmFQTElKzi9KdUhJMtPLzc_PK87IzEvVS87JL01JzCvRy0styQEqZUpkSLL___9_VgZTIn8uUIA9zcQ81cgkCdUIY3xGJDkAyaR6qCmsEFOMkxMTUy1RTTHCZ0oeC5BkaABSQIP2g0ziApuUYpJmZmZqjmqSKWGTDkBMQnKTuVFymoFxUhYAK3pbEA&limit=25&_nonce=7YzIfmsBHKTHaGPq. This can be fixed by moving the resource to the same domain or enabling CORS.

当我运行 PouchDB 的同步或复制功能时。

PouchDB.sync('https://wamoyo.cloudant.com/simpsons/', 'simpsons', {live: true})
  .on('change', onChange)
  .on('complete', onComplete)
  .on('error', onError);

function onChange (info) {
  alert('onChange running');
}
function onComplete (info) {
  alert('onComplete running');
}
function onError (err) {
  alert('onError ' + err);
}
4

1 回答 1

2

CORS is applicable only in a browser context. So, for it to work with PouchDB, you have to set the CouchDB CORS Headers to allow whatever domain you are accessing it from.

CORS is a security feature meant only for browsers. Browsers try to protect the users from the website which otherwise may make AJAX requests to other domains.

For example: when you are on stackoverflow.com and if it tries to make a AJAX request to mail.google.com, then your browser has a reason to believe that this may not be allowable by mail.google.com. Hence, it asks mail.google.com through a OPTIONS request to tell if stackoverflow.com is white-listed to make that particular request. If it does, then browser allows the actual request. Otherwise, it will block it as an error.

Now, as far as curl or any other non-browser request tool is concerned, they work differently. They are a representative of you and hence it is assumed that you would not be doing anything wrong to yourself.

于 2014-07-17T12:00:04.903 回答