我需要从服务器接收响应头中的 Access-Control-Allow-Origin: * 的权限。某些端点继续收到 CORS 错误:“对预检请求的响应未通过访问控制检查:请求的资源上不存在“Access-Control-Allow-Origin”标头。”
下面的设置适用于某些端点,但不适用于所有端点,这是一个不起作用的示例
使用 OAuth2.0 进行授权,在 POSTMAN 测试中使用访问令牌成功响应
在前端的 axios 调用的标头中传递访问令牌(使用域、客户端 id、受众、redirectUri 配置)
// get token
auth0Client = new Auth0Client({
redirectUri: window.location.origin,
audience: `https://${process.env.REACT_APP_AUTH_DOMAIN}/api/v2/`,
client_id: process.env.REACT_APP_AUTH_CLIENTID,
domain: process.env.REACT_APP_AUTH_DOMAIN
})
const token = await auth0Client.getTokenSilently({
audience: `https://${process.env.REACT_APP_AUTH_DOMAIN}/api/v2/`
});
// here is the axios call
axios.get(shippingServicesApi.shippingRates, { headers: { Authorization: `Bearer ${token}`}})
.then(response => {
setShippingRates(response.data);
})
.catch(e => console.log(e));
- 在 NodeJs 端点,通过函数允许 CORS 策略(尝试将 Access-Control-Allow-Method 更改为 'GET' 并将 Access-Control-Allow-Headers 更改为 'Origin, X-Requested-With, Content-Type, Accept, Authorization ' 从 '*')
// Retrieves one shipping rate based on a requested ID, or all rates without a passed ID
const exportFunction = async (req, res) => {
res.set('Access-Control-Allow-Origin', '*');
res.set('Access-Control-Allow-Methods', '*');
const connection = await makeConnection();
connection.connect();
const shippingRateId = req.query.shippingRateId;
if (req.method === 'OPTIONS') {
// Send response to OPTIONS requests
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', '*');
res.header('Access-Control-Allow-Headers', '*');
res.header('Access-Control-Max-Age', '3600');
res.status(204).send('');
} else {
//If an ID was passed, find the rate with that ID
if (shippingRateId !== undefined) {
connection.query(`SELECT * FROM ShippingRate WHERE ShippingRateId = ${shippingRateId}`, (error, response) => {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', '*');
res.header('Access-Control-Allow-Methods', '*');
if(error) {
res.status(400).send(error);
}
res.status(200).send(response);
})
}
//If no ID is passed, return all shipping rates
else {
connection.query(`SELECT * FROM ShippingRate `, (error, response) => {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', '*');
res.header('Access-Control-Allow-Methods', '*');
if(error) {
res.status(400).send(error);
}
res.status(200).send(response);
})
}}
connection.end();
};
在 GCP Api 网关的 endpoint.yaml 配置中设置
swagger: '2.0'
host: {gateway url here}
x-google-endpoints:
- name: {gateway url here}
allowCors: True
securityDefinitions:
auth0_jwt:
authorizationUrl: {auth0 url}/authorize
flow: implicit
type: oauth2
x-google-issuer: {auth0 url}
x-google-jwks_uri: {auth0 url}/.well-known/jwks.json
x-google-audiences: {auth0 url}/api/v2/
schemes:
- https
produces:
- application/json
path:
/shippingRates:
options:
summary: handleoptions for shippingRates
operationId: handleoptionsshippingRates
x-google-backend:
address: {Cloud Function Trigger URL}
security:
- auth0_jwt: []
responses:
'200':
description: A successful response
schema:
type: object
post:
summary: create a shipping rate
operationId: createShippingRate
x-google-backend:
address: {Cloud Function Trigger URL}
security:
- auth0_jwt: []
responses:
'200':
description: A successful response
schema:
type: string
delete:
summary: delete a shipping rate
operationId: deleteShippingRate
x-google-backend:
address: {Cloud Function Trigger URL}
security:
- auth0_jwt: []
responses:
'200':
description: A successful response
schema:
type: string
get:
summary: Get shipping rates
operationId: getShippingRates
x-google-backend:
address: {Cloud Function Trigger URL}
security:
- auth0_jwt: []
responses:
'200':
description: A successful response
schema:
type: string
parameters:
- name: shippingRateId
in: query
description: shippingRate Id
type: integer
format: int64
patch:
summary: update shipping rates
operationId: updateShippingRate
x-google-backend:
address: {Cloud Function Trigger URL}
security:
- auth0_jwt: []
responses:
'200':
description: A successful response
schema:
type: string