node.js - 带有 NodeJs 端点的预检响应标头中缺少 Access-Control-Allow-Origin 的 CORS 错误

Question

我需要从服务器接收响应头中的 Access-Control-Allow-Origin: * 的权限。某些端点继续收到 CORS 错误：“对预检请求的响应未通过访问控制检查：请求的资源上不存在“Access-Control-Allow-Origin”标头。”

下面的设置适用于某些端点，但不适用于所有端点，这是一个不起作用的示例

• 使用 OAuth2.0 进行授权，在 POSTMAN 测试中使用访问令牌成功响应

• 在前端的 axios 调用的标头中传递访问令牌（使用域、客户端 id、受众、redirectUri 配置）

// get token 
auth0Client = new Auth0Client({
   redirectUri: window.location.origin,
   audience: `https://${process.env.REACT_APP_AUTH_DOMAIN}/api/v2/`,
   client_id: process.env.REACT_APP_AUTH_CLIENTID,
   domain: process.env.REACT_APP_AUTH_DOMAIN
})
const token = await auth0Client.getTokenSilently({
  audience: `https://${process.env.REACT_APP_AUTH_DOMAIN}/api/v2/`
});


// here is the axios call
axios.get(shippingServicesApi.shippingRates, { headers: { Authorization: `Bearer ${token}`}})
   .then(response => {
      setShippingRates(response.data);
   })
   .catch(e => console.log(e));

• 在 NodeJs 端点，通过函数允许 CORS 策略（尝试将 Access-Control-Allow-Method 更改为 'GET' 并将 Access-Control-Allow-Headers 更改为 'Origin, X-Requested-With, Content-Type, Accept, Authorization ' 从 '*'）

// Retrieves one shipping rate based on a requested ID, or all rates without a passed ID
const exportFunction = async (req, res) => {

    res.set('Access-Control-Allow-Origin', '*');
    res.set('Access-Control-Allow-Methods', '*');

    const connection = await makeConnection();
    connection.connect();
    
    const shippingRateId = req.query.shippingRateId;

    if (req.method === 'OPTIONS') {
        // Send response to OPTIONS requests
        res.header('Access-Control-Allow-Origin', '*');
        res.header('Access-Control-Allow-Methods', '*');
        res.header('Access-Control-Allow-Headers', '*');
        res.header('Access-Control-Max-Age', '3600');
        res.status(204).send('');
    } else {
    //If an ID was passed, find the rate with that ID
    if (shippingRateId !== undefined) {
        connection.query(`SELECT * FROM ShippingRate WHERE ShippingRateId = ${shippingRateId}`, (error, response) => {
            res.header('Access-Control-Allow-Origin', '*');
            res.header('Access-Control-Allow-Headers', '*');
            res.header('Access-Control-Allow-Methods', '*');  
            if(error) { 
                res.status(400).send(error);
            }
            res.status(200).send(response);
        })
    }

    //If no ID is passed, return all shipping rates
    else {
        connection.query(`SELECT * FROM ShippingRate `, (error, response) => {
            res.header('Access-Control-Allow-Origin', '*');
            res.header('Access-Control-Allow-Headers', '*');
            res.header('Access-Control-Allow-Methods', '*');  
            if(error) { 
                res.status(400).send(error);
            }
            res.status(200).send(response);
        })
    }}
    connection.end();
};

在 GCP Api 网关的 endpoint.yaml 配置中设置

swagger: '2.0'
host: {gateway url here}
x-google-endpoints:
- name: {gateway url here}
  allowCors: True
securityDefinitions:
  auth0_jwt:
    authorizationUrl: {auth0 url}/authorize
    flow: implicit
    type: oauth2
    x-google-issuer: {auth0 url}
    x-google-jwks_uri: {auth0 url}/.well-known/jwks.json
    x-google-audiences: {auth0 url}/api/v2/
schemes:
  - https
produces:
  - application/json
path:
 /shippingRates:
  options:
      summary: handleoptions for shippingRates
      operationId: handleoptionsshippingRates
      x-google-backend:
        address: {Cloud Function Trigger URL}
      security:
        - auth0_jwt: []
      responses:
        '200':
          description: A successful response
          schema:
            type: object   
    post:
      summary: create a shipping rate
      operationId: createShippingRate
      x-google-backend:
        address:  {Cloud Function Trigger URL}
      security:
        - auth0_jwt: []
      responses:
        '200':
          description: A successful response
          schema:
            type: string
    delete:
      summary: delete a shipping rate
      operationId: deleteShippingRate
      x-google-backend:
        address:  {Cloud Function Trigger URL}
      security:
        - auth0_jwt: []
      responses:
        '200':
          description: A successful response
          schema:
            type: string
    get:
      summary: Get shipping rates
      operationId: getShippingRates
      x-google-backend:
        address:  {Cloud Function Trigger URL}
      security:
        - auth0_jwt: []
      responses:
        '200':
          description: A successful response
          schema:
            type: string
      parameters:
        - name: shippingRateId
          in: query
          description: shippingRate Id
          type: integer
          format: int64
    patch:
      summary: update shipping rates
      operationId: updateShippingRate
      x-google-backend:
        address:  {Cloud Function Trigger URL}
      security:
        - auth0_jwt: []
      responses:
        '200':
          description: A successful response
          schema:
            type: string