wrap-cors中间件不能与system.components一起使用 [英] wrap-cors middleware not working with system.components

问题描述

我有以下system.components中间件配置，其中使用了ring.middleware wrap-cors，以允许重定向到外部服务器:

I have the following system.components middleware config, in which I'm using the ring.middleware wrap-cors, to allow for redirects to an external server:

(defn config []
  {:http-port  (Integer. (or (env :port) 5000))
   :middleware [[wrap-defaults api-defaults]
                wrap-with-logger
                wrap-gzip
                ignore-trailing-slash
                [wrap-reload {:dir "../../src"}]
                [wrap-trace :header :ui]
                wrap-params
                wrap-keyword-params
                wrap-cookies
                [wrap-cors :access-control-allow-headers #{"accept"
                                                            "accept-encoding"
                                                            "accept-language"
                                                            "authorization"
                                                            "content-type"
                                                           "origin"}
                 :access-control-allow-origin [#"https://some-url"]
                 :access-control-allow-methods [:delete :get
                                                :patch :post :put]]
                ]})

这应该在每个响应中插入标头.但是，相反，根据客户端的请求，该请求导致重定向到 https://some-url ，客户端浏览器中出现以下错误:

And this is supposed to insert headers into every response. But instead, on a request from the client which leads to a redirect to https://some-url, I get the following error in the client browser:

Access to XMLHttpRequest at 'https://someurl' (redirected from 'http://localhost:5000/some-uri') from origin 'http://localhost:5000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

尽管添加了中间件，为什么响应中的标题仍然不正确?

Why aren't the correct headers in the response despite adding the middleware?

-编辑-

我也尝试过[jumblerg.middleware.cors] wrap-cors中间件，如下所示:

I've also tried the [jumblerg.middleware.cors] wrap-cors middleware like so:

(defn config []
  {:http-port  (Integer. (or (env :port) 5000))
   :middleware [[wrap-defaults api-defaults]
                wrap-with-logger
                wrap-gzip
                ignore-trailing-slash
                [wrap-reload {:dir "../../src"}]
                [wrap-trace :header :ui]
                wrap-params
                wrap-keyword-params
                wrap-cookies
                [wrap-cors #".*"]
                ]})

并使用liberator添加了标头，如下所示:

And have added the headers using liberator like so:

(defresource some-route [redirect-uri]
  :available-media-types ["application/json"]
  :allowed-methods [:post]
  :post-redirect? true
  :as-response (fn [d ctx]
                 ;; added headers
                 (-> (as-response d ctx)
                     (assoc-in [:headers "Access-Control-Allow-Origin"] "*")
                     (assoc-in [:headers "Access-Control-Allow-Headers"] "Content-Type")
                     )

                 )
   ;; redirect uri
  :location redirect-uri

  )

但是仍然会收到``请求资源上没有'Access-Control-Allow-Origin'标头.''错误

But still get the ````No 'Access-Control-Allow-Origin' header is present on the requested resource.``` error

推荐答案

尝试将此库用于(wrap-cors): [jumblerg/ring-cors "2.0.0"]

像这样: (wrap-cors your-routes identity)

请注意，第三个参数是确定是否允许原点(或正则表达式列表)的函数

Note the third parameter is a function to determine if an origin is allowed (or a list of reg exp)

您可能需要通过以下方式添加手动路线:

You might have to add a manual route though:

(OPTIONS "/yourendpoint" req {:headers {"Access-Control-Allow-Headers" "*"}})

这篇关于wrap-cors中间件不能与system.components一起使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！