允许对https://accounts.spotify.com/api/token端点的前端JavaScript POST请求 [英] Allowing frontend JavaScript POST requests to https://accounts.spotify.com/api/token endpoint
问题描述
为了在我的Web应用程序中获得Spotify API的访问令牌(由其Web授权流程指定),我了解到必须发出POST请求.但是,这样做时,由于跨域问题,我得到了XMLHttpRequest 500 Error.
In order to get an access token for the Spotify API in my web app (as specified by their Web Authorization Flow), I've learned that I have to make a POST request. However, when I do so, I get the XMLHttpRequest 500 Error due to the cross-origin problem.
我已经弄清楚了如何允许CORS GET请求,但是不确定如何对POST请求执行相同的操作. 此链接提供了配置提示,但GET和POST的实际路由留为空白
I have already figured out how to allow CORS GET requests, but am not sure how to do the same for POST requests. This link provides configuration tips, but it leaves the actual routes for GET and POST blank.
这是我的Express.js服务器的相关代码:
This is the relevant code for my Express.js server:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
app.use(express.static(__dirname + '/public')); // looks in public directory, not root directory (protects files)
app.get('/', function(req, res) {
// res.header("Access-Control-Allow-Origin", "*");
// res.header("Access-Control-Allow-Headers", "X-Requested-With");
res.send(__dirname + '\\index.html')
});
app.post('/', function(req, res) {
res.send(req.body.spotify);
});
(spotify是spotify-web-api-js节点模块).
我以前曾尝试将app.get的确切代码复制到app.post中,但这导致服务器崩溃.
I've previously tried copying the exact code for app.get into app.post, but that caused the server to crash.
这是我程序的JavaScript文件中的代码,用于在用户单击将其带到Spotify的授权路径的开头并批准登录的按钮之后,发送一个POST请求:
This is the bit of code in my program's JavaScript file that intends to send a POST request after the user clicks on a button that takes them to the start of Spotify's authorization path and approves the sign-in:
$('#spotify').on('click', function() {
$.support.cors = true;
$.post("https://accounts.spotify.com/api/token");
});
(在这种情况下,spotify是HTML文件中按钮的ID)
(in this case, spotify is the ID for the button in the HTML file)
在这种情况下,我应该怎么做才能绕开CORS问题?我已经难过了几天.
What should I do to bypass the CORS issue in this case? I've been stumped for a few days.
推荐答案
You can find an example of using express to perform the authentication flow with Spotify on https://github.com/spotify/web-api-auth-examples (see the authorization_code approach).
您无法获得向/api/token发出客户端请求的访问令牌.您需要向/authorize发出请求,该请求将重定向到您的redirect_uri,该请求本身将与访问令牌交换code.
You can't get an access token making a client-side request to /api/token. You need to make a request to /authorize, which will redirect to your redirect_uri, which itself will exchange a code with an access token.
检查该示例,该示例应满足您的需求.
Check that example, which should cover your needs.
这篇关于允许对https://accounts.spotify.com/api/token端点的前端JavaScript POST请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
