来自 origin 'xxx' 已被 CORS 政策阻止: [英] from origin 'xxx' has been blocked by CORS policy:

问题描述

我正在尝试来自浏览器的最基本的 get 请求，但由于 COR 问题而失败.

I'm trying the most basic get request from the browser and it fails due to CORs issues.

axios.get(
  "https://github.com/login/oauth/authorize?client_id={ID}"
);

难道就不能从浏览器发出这个请求吗?我试图了解如何单击按钮并使此链接起作用.

Is it just not possible to make this request from the browser? I'm trying to understand how it's possible to click a button and have this link work.

from origin 'http://localhost:3001' 已被 CORS 策略阻止:没有 'Access-Control-Allow-Origin' 标头存在于请求的资源上.

from origin 'http://localhost:3001' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

推荐答案

简单的答案是NO.

未经服务器许可，您不能调用任何端点(不同来源).

You can't call any endpoint (different origin) without server's permission.

它被称为 CORS (跨域资源共享).一方面，它是浏览器安全性.浏览器会阻止您阻止此类请求.

It's called CORS (Cross-Origin Resource Sharing). In one line, it is a browser security . Browser blocks you to prevent such request.

好吧，如果您检查浏览器的网络选项卡，浏览器会使用 OPTION 方法向服务器再发送一个请求(在实际请求之前).在请求的响应中，服务器告诉浏览器它是否是有效的请求.

Well, if you check Network Tab of a browser, browser sends one more request to server (before actual request) with OPTION method. In the response of the request, server tells to browers if it's valid request or not.

更多详情，请阅读 MDN https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

For more details, Read MDN https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

这篇关于来自 origin 'xxx' 已被 CORS 政策阻止:的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！