CORS问题:“ Access-Control-Allow-Origin”标头不得包含多个值 [英] CORS issues: The 'Access-Control-Allow-Origin' header mustn't contain multiple values
问题描述
我想允许我的服务器允许两个不同的域读取数据而不会出现CORS问题。
I want to allow my server to let two different domains read data without getting a CORS issue.
因此,我在node.js中编写了以下代码行:
Therefore, I wrote the following code line (in node.js):
app.use(function(req, res, next){
res.header("Access-Control-Allow-Origin", ["http://ServerA:3000", "http://ServerB:3000"]);
res.header("Access-Control-Allow-Headers", "*");
next();
});
但是,当我通过浏览器发送请求时,出现错误:
However, when I sent the request by the browser I got the error:
'Access-Control-Allow-Origin'标头包含多个值
' http:// ServerA:3000 , http:// ServerB:3000 ',但仅限一个是允许
。因此,不允许
访问源' http:// ServerB:3000 。
The 'Access-Control-Allow-Origin' header contains multiple values 'http://ServerA:3000, http://ServerB:3000', but only one is allowed. Origin 'http://ServerB:3000' is therefore not allowed access.
我的问题是如何为多个来源定义 Access-Control-Allow-Origin。我不想使用 *,因为它太宽松了。
My question is how to define 'Access-Control-Allow-Origin for more than one origin. I don't want to use '*' because it is too liberal.
推荐答案
您需要使用配置文件中的内容检查当前来源:
You need to check your current origin with the ones that you have in the config:
let allowedOrigins = ["http://ServerA:3000", "http://ServerB:3000"]
let origin = req.headers.origin;
if (allowedOrigins.includes(origin)) {
res.header("Access-Control-Allow-Origin", origin); // restrict it to the required domain
}
标头只期望起源或通配符,这就是为什么它对您不起作用的原因
The header expects only one value of the origin, or a wildcard sign, that's why it's not working for you
这篇关于CORS问题:“ Access-Control-Allow-Origin”标头不得包含多个值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!