Meteor应用程序中没有Access-Control-Allow-Origin错误 [英] No Access-Control-Allow-Origin error in Meteor app

问题描述

我在chrome中添加了CORS扩展名.当从本地主机调用ajax时，我得到了XML形式的响应.如果禁用了CORS扩展名，则会出现以下错误.我在这个社区中提到了很多问题.但是我无法解决我的问题.它可能重复出现，但我希望这个问题能为您带来希望.

I added CORS extension to chrome. When called ajax from localhost I got response in the form of XML. If I disabled CORS extension I got the following error. I referred so many questions in this community. But I cant't resolve my problem. It may duplicate but I'm asking this question for help with hope.

XMLHttpRequest无法加载 https://buzz.machaao.com/feed .对预检请求的响应未通过访问控制检查:在所请求的资源上不存在"Access-Control-Allow-Origin"标头.因此，不允许访问来源' http://localhost:3000 .响应的HTTP状态码为401..

XMLHttpRequest cannot load https://buzz.machaao.com/feed. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 401..

我的代码是

HTTP.get('https://buzz.machaao.com/feed',{
   headers: {
      "Access-Control-Allow-Origin" : "*"
      }
        }, (err, res) => {
      if(err) {
            console.log(err);
      }
      else {
            console.log(res);
      }
    });

推荐答案

https://buzz.machaao.com /feed 网站不会发送Access-Control-Allow-Origin响应标头，因此您需要通过代理发出请求，就像这样:

The https://buzz.machaao.com/feed site doesn’t send the Access-Control-Allow-Origin response header, so you need to make your request through a proxy instead—like this:

var proxyUrl = 'https://cors-anywhere.herokuapp.com/',
    targetUrl = 'http://catfacts-api.appspot.com/api/facts?number=99'

HTTP.get(proxyUrl + targetUrl,
  (err, res) => {
    if(err) {
      console.log(err);
    }
    else {
      console.log(res);
    }
});

https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Access_control_CORS 解释了为什么浏览器不允许您从Web应用程序中运行的前端JavaScript代码访问响应跨域，除非响应包含Access-Control-Allow-Origin响应标头.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS explains why browsers won’t let you access the response cross-origin from frontend JavaScript code running in a web app unless the response includes an Access-Control-Allow-Origin response header.

https://buzz.machaao.com/feed 没有Access-Control-Allow-Origin响应标头，因此您的前端代码无法访问响应跨域.

https://buzz.machaao.com/feed has no Access-Control-Allow-Origin response header, so there’s no way your frontend code can access the response cross-origin.

您的浏览器可以很好地获得响应，甚至可以在浏览器devtools中看到它-但是，除非它具有Access-Control-Allow-Origin响应标头，否则您的浏览器不会将其公开给您的代码.因此，您必须改为使用代理来获取它.

Your browser can get the response fine and you can even see it in browser devtools—but your browser won’t expose it to your code unless it has a Access-Control-Allow-Origin response header. So you must instead use a proxy to get it.

代理向该站点发出请求，获取响应，添加Access-Control-Allow-Origin响应标头和所需的任何其他CORS标头，然后将其传递回您的请求代码.并且添加了Access-Control-Allow-Origin标头的响应就是浏览器看到的内容，因此浏览器可以让您的前端代码实际访问响应.

The proxy makes the request to that site, gets the response, adds the Access-Control-Allow-Origin response header and any other CORS headers needed, then passes that back to your requesting code. And that response with the Access-Control-Allow-Origin header added is what the browser sees, so the browser lets your frontend code actually access the response.

这篇关于Meteor应用程序中没有Access-Control-Allow-Origin错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！