Facebook Oauth CORS错误 [英] Facebook Oauth CORS error
问题描述
我使用oauth2通过Facebook处理用户登录。当我在golang api中调用授权服务器时出现错误。
这是网络错误。
Fetch API无法加载https://www.facebook.com/dialog/oauth?client_id=1543358959292867&redirect_u...=email+public_profile&state=mUi4IpdY8yF5TNVVptMNNSn8IbVSZxJXTSEFM8Zg8LM%3D。在所请求的资源上没有Access-Control-Allow-Origin头。因此,不允许原始null访问。如果不透明响应满足您的需要,请将请求的模式设置为no-cors,以禁用CORS来获取资源。
网络信息(chrome)
请求网址:https://www.facebook.com/dialog/oauth?client_id = 1543358959292867& redirect_uri = http%3A%2F%2Flocalhost%3A7001%2FFBLogin%2FCallback& response_type = code& scope = email + public_profile& state = lkmenB4FjNOShUQzL0Gpymi1xsvauaL7TawmUjCyvI4%3D
请求方法:GET
状态码:302
远程地址:[2a03:2880:f003:c1f:face:b00c:0:25de]:443
请求标头
:authority:www.facebook.com
:method:GET
:path:/ dialog / oauth?client_id = 1543358959292867& redirect_uri = http%3A%2F%2Flocalhost%3A7001%2FFBLogin%2FCallback& ; response_type = code& scope = email + public_profile& state = KPbwnGWQoI7PHvwhJ_JvZ7RowPthjqpaDTgKVI5NHrM%3D
:scheme:https
accept:* / *
accept-encoding:gzip,deflate,sdch
accept-language:en-US,en; q = 0.8
origin:null
referer:http:// localhost:3000 /
user-agent:Mozilla / 5.0(Macintosh; Intel Mac OS X 10_11_4)AppleWebKit / 537.36(KHTML,like Gecko)Chrome / 50.0.2661.86 Safari / 537.36
函数调用服务器api。
let loginUrl =http:// localhost:7001 / FBLogin// server url
let config = {
method:'GET',
mode:'cors',
}
fetch(loginUrl,config).then(response => {
...
}
Golang函数调用oauth授权服务器/ p>
func FBLogin(w http.ResponseWriter,r * http.Request){
state,err:= hashutil。 GenerateRandomState()
logutil.Fatal(err)
url:= config [fb]。AuthCodeURL(state)
logutil.OauthSessionLogger(state)
http.Redirect ,r,url,302)
}
我按照本指南在服务器端设置了正确的头。在Golang中设置HTTP标头
我似乎找不到错误来自哪里。 (facebook API开发者控制台,服务器代码中的回调头或者启动调用的javascript?我花了很多时间来更改服务器头,但是错误仍然存在CORS问题。
请求标头中的原点为null,是否需要考虑?
编辑添加no-cors模式结果。
FBLogin 302 text / html SessionActions.js?524b:35 736 B 5 ms
oauth ?client_id = 154335& redirect_uri = http%3A%2F%2Flocalhost%3A7001%2FFBLogin%2FCallback& D
302 text / html
http:// localhost:7001 / FBLogin 611 B 57 ms
login.php?skip_api_login = 1& api_key = 154335 200
这三个调用都成功,但从未重定向到oauth页面,即使它使用wireshark或tcpdump的网络跟踪可以帮助解决方案找到发生了什么或捕获http流量使用任何firefox插件捕获活页眉。
I am using oauth2 to handle a user login via facebook. The error occurs when I call the authorization server in the golang api.
Here is the network error.
Fetch API cannot load https://www.facebook.com/dialog/oauth?client_id=1543358959292867&redirect_u…=email+public_profile&state=mUi4IpdY8yF5TNVVptMNNSn8IbVSZxJXTSEFM8Zg8LM%3D. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network info (chrome)
Request URL:https://www.facebook.com/dialog/oauth?client_id=1543358959292867&redirect_uri=http%3A%2F%2Flocalhost%3A7001%2FFBLogin%2FCallback&response_type=code&scope=email+public_profile&state=lkmenB4FjNOShUQzL0Gpymi1xsvauaL7TawmUjCyvI4%3D
Request Method:GET
Status Code:302
Remote Address:[2a03:2880:f003:c1f:face:b00c:0:25de]:443
request headers
:authority:www.facebook.com
:method:GET
:path:/dialog/oauth?client_id=1543358959292867&redirect_uri=http%3A%2F%2Flocalhost%3A7001%2FFBLogin%2FCallback&response_type=code&scope=email+public_profile&state=KPbwnGWQoI7PHvwhJ_JvZ7RowPthjqpaDTgKVI5NHrM%3D
:scheme:https
accept:*/*
accept-encoding:gzip, deflate, sdch
accept-language:en-US,en;q=0.8
origin:null
referer:http://localhost:3000/
user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36
Javascript function that calls server api.
let loginUrl = "http://localhost:7001/FBLogin" //server url
let config = {
method: 'GET',
mode: 'cors',
}
fetch(loginUrl, config).then(response => {
...
}
Golang function that calls oauth authorization server (facebook).
func FBLogin(w http.ResponseWriter, r *http.Request) {
state, err := hashutil.GenerateRandomState()
logutil.Fatal(err)
url := config["fb"].AuthCodeURL(state)
logutil.OauthSessionLogger(state)
http.Redirect(w, r, url, 302)
}
I set the proper headers on the server side following this guide. Setting HTTP headers in Golang
I can't seem to find where the error comes from. (facebook API developer console, the callback headers in the server code, or the javascript initiating the call? I spent a lot of time changing the server headers but the error still persists as a CORS issue.
The origin in my request header is null, is that something to consider?
edit added no-cors mode result.
FBLogin 302 text/html SessionActions.js?524b:35 736 B 5 ms
All three calls were successful, but was never redirected to the oauth page even when it said so. The response type was 'opaque' with a status 0.
oauth?client_id=154335&redirect_uri=http%3A%2F%2Flocalhost%3A7001%2FFBLogin%2FCallback&D
302 text/html
http://localhost:7001/FBLogin 611 B 57 ms
login.php?skip_api_login=1&api_key=154335 200
a network trace using wireshark or tcpdump can help to find what's going on or capture http traffic using any firefox plugin to capture live headers.
这篇关于Facebook Oauth CORS错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!