CORS问题，同时请求访问令牌+谷歌oauth 2 [英] CORS issue while requesting access token + google oauth 2

问题描述

我正在从我的客户端发送ajax电话给google oauth 2 API 'https://accounts.google.com/o/oauth2/auth?redirect_uri=http://blah.com& ; response_type = token& client_id ....'来获得访问令牌，但我得到以下错误：

I am making an ajax call from my client to the google oauth 2 API 'https://accounts.google.com/o/oauth2/auth?redirect_uri=http://blah.com&response_type=token&client_id....' to get the access token, but i get following error:

对预检请求的响应未通过访问控制检查：
'请求的
资源上存在'Access-Control-Allow-Origin'标头。原因' http://blah-blah.com '因此是不允许的
访问

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://blah-blah.com' is therefore not allowed access

我希望这个调用是ajax，这样用户不会在通过 url 或 window.location.href 或换句话说，我如何获得访问令牌，以便整个页面不加载，并且是否可以解决上面的错误???

I want the call to be ajax so that the user is not disturbed when the call is made through url or window.location.href or in other words, how can i get the access token such that the whole page does not load, and is it possible to resolve the above error???

推荐答案

OAuth2 auth端点不支持AJAX设计。这是验证系统的入口点，所以你必须通过重定向到达那里。认证的结果又是一个重定向到你提供的URL，所以AJAX在这里没什么意义。

OAuth2 auth endpoint doesn't support AJAX by design. It's an entry point to the authentication system, so you must get there by redirect. The result of the authentication is again a redirect to the URL you provide, so AJAX doesn't make much sense there.

这篇关于CORS问题，同时请求访问令牌+谷歌oauth 2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！