“在请求的来源上不存在'Access-Control-Allow-Origin'标头” res.redirect（“ http://www.google.com”）错误 [英] "No 'Access-Control-Allow-Origin' header present on requested origin" error for res.redirect("http://www.google.com")

问题描述

我对跨域域名请求有一个简单的任务。因此，我创建了一个示例快递应用程序，该应用程序具有到'/ redirect'的路由，它将重定向到 http://www.google.com 。在前端，我创建了一个具有onclick事件的按钮，这将请求 /重定向。

I have a simple task on cross origin domain request.So i created a sample express application that have a route to '/redirect', this will redirect to "http://www.google.com". On front end i created a button that have a onclick event , this will request the '/redirect' .

我在服务器端拥有的代码：

Code i have on server side:

app.get('/redirect',function(req,res){
  res.redirect("http://www.google.com");
})

在前端：

<html>
  <head>
    <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"/>
    <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.5.6/angular.min.js"></script>
    <script type="text/javascript">
      var app = angular.module('myApp',[]);
      app.controller('crtl',function ($scope,$http,$timeout){
        $scope.fun1 = function(){
          $http({
            method: 'GET',
            url: '/redirect'
          }).then(function successCallback(response) {
               // console.log(response.data)
               console.log("got the request for redirect");
            }, function errorCallback(response) {});
        }
      });
    </script>
  </head>
  <body ng-app="myApp" ng-controller="crtl">
    <center><br/>
      <button ng-click="fun1()" class="btn">Click Me</button>
    </center>
  </body>
</html>

推荐答案

您不能使用服务器来启用对另一个域的直接跨域访问。浏览器根本无法正常工作。浏览器要求您尝试访问的域（在您的示例中为www.google.com）是启用跨域访问的域。

You can't use your server to enable direct cross domain access to another domain. The browser simply doesn't work that way. The browser requires the domain that you are trying to access (www.google.com in your example) to be the one that enables cross domain access.

res.redirect（）只是告诉浏览器从其他来源获取内容。如果浏览器没有跨源访问权来获取该内容，则 res.redirect（）的工作不会比尝试直接访问该内容的浏览器更好。

res.redirect() just tells the browser to fetch content from a different source. If the browser doesn't have the cross origin rights to fetch that content, then res.redirect() won't work any better than the browser trying to access it directly.

您可以将交叉原点内容嵌入其自己的iframe中，并且可以在其中显示该内容，但不允许您从自己的Javascript访问该内容（对于相同的跨源原因）。

You could embed the cross origin content in its own iframe and the content could be displayed there, but you wouldn't be allowed access the content from your own Javascript (for the same cross origin reasons).

您可以从服务器代理内容，这意味着您可以要求服务器为您获取内容，然后服务器会获取该内容将其返回到浏览器（通过您的域）。这可以用于某些用途，但这取决于您要如何处理内容（您没有在问题中分享的内容）是否可以满足您的需求。

You could proxy the content from your server which means you could ask your server to get the content for you and your server would fetch it and return it to the browser (via your domain). This works for some uses, but it depends upon what you're trying to do with the content (something you don't share in your question) whether this would satisfy your needs.

这篇关于“在请求的来源上不存在'Access-Control-Allow-Origin'标头” res.redirect（“ http://www.google.com”）错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！