2

我已经在 Heroku的任何地方部署(托管)cors,但我不知道如何自定义它。例如,我想在白名单中添加一个站点链接。我从这个链接获取数据:http: //fmon.asti.dost.gov.ph/dataloc.php?param=rv &dfrm=null&dto=null&numloc=1&data24=1&locs[]=711

我将如何做?我试过触摸 server.js 文件:

// Listen on a specific host via the HOST environment variable
var host = process.env.HOST || '0.0.0.0';
// Listen on a specific port via the PORT environment variable
//var port = process.env.PORT || 443;
var port = process.env.PORT || 8080;

// Grab the blacklist from the command-line so that we can update the blacklist without deploying
// again. CORS Anywhere is open by design, and this blacklist is not used, except for countering
// immediate abuse (e.g. denial of service). If you want to block all origins except for some,
// use originWhitelist instead.
var originBlacklist = parseEnvList(process.env.CORSANYWHERE_BLACKLIST);
//var originWhitelist = ['http://fmon.asti.dost.gov.ph/dataloc.php','https://fmon.asti.dost.gov.ph/dataloc.php','http://fmon.asti.dost.gov.ph','https://fmon.asti.dost.gov.ph'];
var originWhitelist = parseEnvList(process.env.CORSANYWHERE_WHITELIST);
function parseEnvList(env) {
  if (!env) {
    return [];
  }
  return env.split(',');
}

// Set up rate-limiting to avoid abuse of the public CORS Anywhere server.
var checkRateLimit = require('./lib/rate-limit')(process.env.CORSANYWHERE_RATELIMIT);

var cors_proxy = require('./lib/cors-anywhere');
cors_proxy.createServer({
  originBlacklist: originBlacklist,
  originWhitelist: originWhitelist,
  requireHeader: ['origin', 'x-requested-with'],
  checkRateLimit: checkRateLimit,
  removeHeaders: [
    'cookie',
    'cookie2',
    // Strip Heroku-specific headers
    'x-heroku-queue-wait-time',
    'x-heroku-queue-depth',
    'x-heroku-dynos-in-use',
    'x-request-start',
  ],
  redirectSameOrigin: true,
  httpProxyOptions: {
    // Do not add X-Forwarded-For, etc. headers, because Heroku already adds it.
    xfwd: false,
  },
}).listen(port, host, function() {
  console.log('Running CORS Anywhere on ' + host + ':' + port);
});

但是当我访问数据并查看控制台日志时,它会返回一个 403 错误,这是被禁止的。

4

2 回答 2

1

注意:当您说自托管 CORS 时,它仅适用于您的站点进行代理。您服务器上的 CORS 设置适用于您,而不适用于您提到的网站列表。他们将拥有自己的 CORS 过滤器设置。

403 实际上是指被禁止的资源,而不是 CORS 问题。Cors 问题将如下所示:-

请求的资源上不存在“Access-Control-Allow-Origin”标头。因此,Origin 'yourUrl' 不允许访问。响应的 HTTP 状态代码为 400

对于 cors-anywhere,白名单代码非常简单,如下所述:-

// Listen on a specific host via the HOST environment variable
var host = process.env.HOST || '0.0.0.0';
// Listen on a specific port via the PORT environment variable
var port = process.env.PORT || 8080;

var cors_proxy = require('cors-anywhere');
cors_proxy.createServer({
    originWhitelist: ['http://fmon.asti.dost.gov.ph'], // Allow all origins
    requireHeader: ['origin', 'x-requested-with'],
    removeHeaders: ['cookie', 'cookie2']
}).listen(port, host, function() {
    console.log('Running CORS Anywhere on ' + host + ':' + port);
});

理想情况下,这应该适用于您的应用程序在某处调用它。

如果您在从应用程序访问此 URL 时收到 403,请确保您提到的 URL 受到保护,并且您必须在请求之前完成正确的身份验证。

于 2017-06-20T05:30:55.313 回答
-1

我花了 3 天时间寻找原因,发现某些网站出现 403 错误,并意识到问题可能是他们无法接受来自与他们不同的“来源”的请求。我只是尝试删除代理服务器上的这些标头,一切正常!

removeHeaders: ['origin', 'referer']
于 2021-01-15T10:51:57.887 回答