访问控制允许来源被拒绝 Spotify api [英] Access-Control-Allow-Origin denied spotify api
问题描述
我正在尝试像这样访问 Spotify API 令牌:
I'm trying to access to the Spotify API token like so:
$.ajax({
url: "https://accounts.spotify.com/api/token",
type: 'POST',
contentType: "application/json; charset="utf-8"",
crossDomain: true,
data: {
grant_type: "authorization_code",
code: code,
redirect_uri: "http://www.bancadigital.com.br/spotifyteste/callback.html"
},
processData: false,
dataType: "json",
headers: {
Authorization: "Basic " + utf8_to_b64(key)
},
success: function( response ) {
alert(response.access_token);
},
});
但服务返回以下错误:
XMLHttpRequest 无法加载 https://accounts.spotify.com/api/token.请求的资源上不存在Access-Control-Allow-Origin"标头.Origin 'http://www.bancadigital.com.br' 因此不允许访问.
XMLHttpRequest cannot load https://accounts.spotify.com/api/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.bancadigital.com.br' is therefore not allowed access.
有谁知道我如何访问该服务?
Does anyone know how I can access the service?
推荐答案
https://accounts.spotify.com/api/token
的请求需要在服务器端进行,而不是作为AJAX 请求.
The request to https://accounts.spotify.com/api/token
needs to be made server side and not as an AJAX request.
这样,您的 key
(包含您的应用程序的凭据)就不会暴露.此外,Spotify 服务器将能够将请求与访问令牌一起重定向到 redirect_uri
.
This way your key
, which contains the credentials for your application, won't be exposed. Also, the Spotify server will be able to redirect the request to the redirect_uri
together with the access token.
另一种方法是使用 隐式授权流程可以在客户端运行所有内容,但您不会获得刷新令牌.
An alternative is to use the implicit grant flow where you can run everything client side, but you will not get a refresh token.
我建议您查看 Spotify Web API 授权指南,检查带有身份验证示例的GitHub repo 并查看库和包装器,可以更轻松地实现 OAuth 流程.
I would recommend you to review the Spotify Web API Authorization Guide, check the GitHub repo with auth examples and take a look at the libraries and wrappers that make it easier to implement the OAuth flow.
这篇关于访问控制允许来源被拒绝 Spotify api的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!