Meteor应用程序中没有Access-Control-Allow-Origin错误 [英] No Access-Control-Allow-Origin error in Meteor app
问题描述
我在chrome中添加了CORS扩展名.当从本地主机调用ajax时,我得到了XML形式的响应.如果禁用了CORS扩展名,则会出现以下错误.我在这个社区中提到了很多问题.但是我无法解决我的问题.它可能重复出现,但我希望这个问题能为您带来希望.
I added CORS extension to chrome. When called ajax from localhost I got response in the form of XML. If I disabled CORS extension I got the following error. I referred so many questions in this community. But I cant't resolve my problem. It may duplicate but I'm asking this question for help with hope.
XMLHttpRequest无法加载 https://buzz.machaao.com/feed .对预检请求的响应未通过访问控制检查:在所请求的资源上不存在"Access-Control-Allow-Origin"标头.因此,不允许访问来源' http://localhost:3000 .响应的HTTP状态码为401..
XMLHttpRequest cannot load https://buzz.machaao.com/feed. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 401..
我的代码是
HTTP.get('https://buzz.machaao.com/feed',{
headers: {
"Access-Control-Allow-Origin" : "*"
}
}, (err, res) => {
if(err) {
console.log(err);
}
else {
console.log(res);
}
});
推荐答案
https://buzz.machaao.com /feed 网站不会发送Access-Control-Allow-Origin
响应标头,因此您需要通过代理发出请求,就像这样:
The https://buzz.machaao.com/feed site doesn’t send the Access-Control-Allow-Origin
response header, so you need to make your request through a proxy instead—like this:
var proxyUrl = 'https://cors-anywhere.herokuapp.com/',
targetUrl = 'http://catfacts-api.appspot.com/api/facts?number=99'
HTTP.get(proxyUrl + targetUrl,
(err, res) => {
if(err) {
console.log(err);
}
else {
console.log(res);
}
});
https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Access_control_CORS 解释了为什么浏览器不允许您从Web应用程序中运行的前端JavaScript代码访问响应跨域,除非响应包含Access-Control-Allow-Origin
响应标头.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS explains why browsers won’t let you access the response cross-origin from frontend JavaScript code running in a web app unless the response includes an Access-Control-Allow-Origin
response header.
https://buzz.machaao.com/feed 没有Access-Control-Allow-Origin
响应标头,因此您的前端代码无法访问响应跨域.
https://buzz.machaao.com/feed has no Access-Control-Allow-Origin
response header, so there’s no way your frontend code can access the response cross-origin.
您的浏览器可以很好地获得响应,甚至可以在浏览器devtools中看到它-但是,除非它具有Access-Control-Allow-Origin
响应标头,否则您的浏览器不会将其公开给您的代码.因此,您必须改为使用代理来获取它.
Your browser can get the response fine and you can even see it in browser devtools—but your browser won’t expose it to your code unless it has a Access-Control-Allow-Origin
response header. So you must instead use a proxy to get it.
代理向该站点发出请求,获取响应,添加Access-Control-Allow-Origin
响应标头和所需的任何其他CORS标头,然后将其传递回您的请求代码.并且添加了Access-Control-Allow-Origin
标头的响应就是浏览器看到的内容,因此浏览器可以让您的前端代码实际访问响应.
The proxy makes the request to that site, gets the response, adds the Access-Control-Allow-Origin
response header and any other CORS headers needed, then passes that back to your requesting code. And that response with the Access-Control-Allow-Origin
header added is what the browser sees, so the browser lets your frontend code actually access the response.
这篇关于Meteor应用程序中没有Access-Control-Allow-Origin错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!