Facebook Oauth CORS错误 [英] Facebook Oauth CORS error

问题描述

我使用oauth2通过Facebook处理用户登录。当我在golang api中调用授权服务器时出现错误。

这是网络错误。


Fetch API无法加载https://www.facebook.com/dialog/oauth?client_id=1543358959292867&redirect_u...=email+public_profile&state=mUi4IpdY8yF5TNVVptMNNSn8IbVSZxJXTSEFM8Zg8LM%3D。在所请求的资源上没有Access-Control-Allow-Origin头。因此，不允许原始null访问。如果不透明响应满足您的需要，请将请求的模式设置为no-cors，以禁用CORS来获取资源。


网络信息（chrome）


请求网址：https：//www.facebook.com/dialog/oauth？client_id = 1543358959292867& redirect_uri = http％3A％2F％2Flocalhost％3A7001％2FFBLogin％2FCallback& response_type = code& scope = email + public_profile& state = lkmenB4FjNOShUQzL0Gpymi1xsvauaL7TawmUjCyvI4％3D
请求方法：GET
状态码：302
远程地址：[2a03：2880：f003：c1f：face：b00c：0：25de]：443


请求标头


：authority：www.facebook.com
：method：GET
：path：/ dialog / oauth？client_id = 1543358959292867& redirect_uri = http％3A％2F％2Flocalhost％3A7001％2FFBLogin％2FCallback& ; response_type = code& scope = email + public_profile& state = KPbwnGWQoI7PHvwhJ_JvZ7RowPthjqpaDTgKVI5NHrM％3D
：scheme：https
accept：* / *
accept-encoding：gzip，deflate，sdch
accept-language：en-US，en; q = 0.8
origin：null
referer：http：// localhost：3000 /
user-agent：Mozilla / 5.0（Macintosh; Intel Mac OS X 10_11_4）AppleWebKit / 537.36（KHTML，like Gecko）Chrome / 50.0.2661.86 Safari / 537.36


函数调用服务器api。


let loginUrl =http：// localhost：7001 / FBLogin// server url
let config = {
method：'GET'，
mode：'cors'，
}
fetch（loginUrl，config）.then（response => {
...
}


Golang函数调用oauth授权服务器/ p>


func FBLogin（w http.ResponseWriter，r * http.Request）{
state，err：= hashutil。 GenerateRandomState（）
logutil.Fatal（err）
url：= config [fb]。AuthCodeURL（state）
logutil.OauthSessionLogger（state）
http.Redirect ，r，url，302）
}


我按照本指南在服务器端设置了正确的头。在Golang中设置HTTP标头

我似乎找不到错误来自哪里。 （facebook API开发者控制台，服务器代码中的回调头或者启动调用的javascript？我花了很多时间来更改服务器头，但是错误仍然存​​在CORS问题。

请求标头中的原点为null，是否需要考虑？

编辑添加no-cors模式结果。


FBLogin 302 text / html SessionActions.js？524b：35 736 B 5 ms

oauth ？client_id = 154335& redirect_uri = http％3A％2F％2Flocalhost％3A7001％2FFBLogin％2FCallback& D
302 text / html

http：// localhost：7001 / FBLogin 611 B 57 ms

login.php？skip_api_login = 1& api_key = 154335 200

这三个调用都成功，但从未重定向到oauth页面，即使它使用wireshark或tcpdump的网络跟踪可以帮助解决方案找到发生了什么或捕获http流量使用任何firefox插件捕获活页眉。

I am using oauth2 to handle a user login via facebook. The error occurs when I call the authorization server in the golang api.

Here is the network error.

Fetch API cannot load https://www.facebook.com/dialog/oauth?client_id=1543358959292867&redirect_u…=email+public_profile&state=mUi4IpdY8yF5TNVVptMNNSn8IbVSZxJXTSEFM8Zg8LM%3D. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

network info (chrome)

Request URL:https://www.facebook.com/dialog/oauth?client_id=1543358959292867&redirect_uri=http%3A%2F%2Flocalhost%3A7001%2FFBLogin%2FCallback&response_type=code&scope=email+public_profile&state=lkmenB4FjNOShUQzL0Gpymi1xsvauaL7TawmUjCyvI4%3D Request Method:GET Status Code:302 Remote Address:[2a03:2880:f003:c1f:face:b00c:0:25de]:443

request headers

:authority:www.facebook.com :method:GET :path:/dialog/oauth?client_id=1543358959292867&redirect_uri=http%3A%2F%2Flocalhost%3A7001%2FFBLogin%2FCallback&response_type=code&scope=email+public_profile&state=KPbwnGWQoI7PHvwhJ_JvZ7RowPthjqpaDTgKVI5NHrM%3D :scheme:https accept:*/* accept-encoding:gzip, deflate, sdch accept-language:en-US,en;q=0.8 origin:null referer:http://localhost:3000/ user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36

Javascript function that calls server api.

let loginUrl = "http://localhost:7001/FBLogin" //server url let config = { method: 'GET', mode: 'cors', } fetch(loginUrl, config).then(response => { ... }

Golang function that calls oauth authorization server (facebook).

func FBLogin(w http.ResponseWriter, r *http.Request) { state, err := hashutil.GenerateRandomState() logutil.Fatal(err) url := config["fb"].AuthCodeURL(state) logutil.OauthSessionLogger(state) http.Redirect(w, r, url, 302) }

I set the proper headers on the server side following this guide. Setting HTTP headers in Golang

I can't seem to find where the error comes from. (facebook API developer console, the callback headers in the server code, or the javascript initiating the call? I spent a lot of time changing the server headers but the error still persists as a CORS issue.

The origin in my request header is null, is that something to consider?

edit added no-cors mode result.

FBLogin 302 text/html SessionActions.js?524b:35 736 B 5 ms
oauth?client_id=154335&redirect_uri=http%3A%2F%2Flocalhost%3A7001%2FFBLogin%2FCallback&D 302 text/html
http://localhost:7001/FBLogin 611 B 57 ms
login.php?skip_api_login=1&api_key=154335 200 All three calls were successful, but was never redirected to the oauth page even when it said so. The response type was 'opaque' with a status 0.

解决方案

a network trace using wireshark or tcpdump can help to find what's going on or capture http traffic using any firefox plugin to capture live headers.

这篇关于Facebook Oauth CORS错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！