即使使用 Auth Pre-Flight 的头，Python Falcon 的 CORS 也失败 [英] CORS failure in with Python Falcon even with heads for Auth Pre-Flight

问题描述

在 Angular2 http.get(url, options) 中使用 OPTIONS 动词 时收到这些错误，即使在 Falcon Rest API 中设置了适当的 CORS 标头.

Receiving these error when using the OPTIONS verb in Angular2 http.get(url, options), even though the appropriate CORS headers are set in Falcon Rest API.

XMLHttpRequest 无法加载 http://localhost:8000/names.请求头Access-Control-Allow-Headers 中不允许字段授权飞行前响应.

XMLHttpRequest cannot load http://localhost:8000/names. Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.

resp.set_header("Access-Control-Allow-Origin", "*")
        resp.set_header("Access-Control-Allow-Credentials", "true")
        resp.set_header("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT")
        resp.set_header("Access-Control-Allow-Headers",
                       "Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers")

对于非 OPTIONS/正常的 http.get() 请求，这可以正常工作.

For non OPTIONS / normal http.get() requests this works fine.

推荐答案

使用 falcon_cors 解决了这个问题，特别是通过设置 allow_all_methods=True

Resolved this using falcon_cors, specifically by setting allow_all_methods=True

pip install falcon-cors

pip install falcon-cors

from falcon_cors import CORS

cors = CORS(allow_origins_list=['http://localhost:3000'],
            allow_all_headers=True,
            allow_all_methods=True)

api = falcon.API(middleware=[cors.middleware])

这篇关于即使使用 Auth Pre-Flight 的头，Python Falcon 的 CORS 也失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！