Google OAuth2:重定向已被CORS政策阻止:请求需要进行预检,不允许遵循跨域重定向 [英] Google OAuth2: Redirect has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect
问题描述
尝试实施Google OAuth2,并使用 https://github.com/google/google-google-api-nodejs-client#authorizing-and-authenticating 作为参考.将用户重定向到这样的同意页面时
Trying to implement Google OAuth2 and using https://github.com/google/google-api-nodejs-client#authorizing-and-authenticating as reference. When redirecting user to consent page like this
var url = oauth2Client.generateAuthUrl({
access_type: 'offline',
scope: some_scope
});
res.redirect(url);
我在浏览器控制台中收到此错误(链接已编辑):
I get this error in browser console (links edited):
XMLHttpRequest无法加载localhost:8080/myPageName.从本地主机重定向:8080/myPageName重定向到account.google.com/o/oauth2/auth?access_type = ...已被CORS政策阻止:请求需要进行预检,不允许遵循跨域重定向.
XMLHttpRequest cannot load localhost:8080/myPageName. Redirect from localhost:8080/myPageName to accounts.google.com/o/oauth2/auth?access_type=... has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect.
奇怪的是,仅当从GUI执行流时(用户按下按钮; angular2前端),我才收到此错误.当我将localhost:8080/myPageName直接放入浏览器地址栏中时,一切正常(获取同意书,然后获得令牌).
The strange thing is that I am getting this error only when executing the flow from GUI (user presses the button; angular2 front-end). When I put localhost:8080/myPageName directly into the browser address bar everything works fine (get consent form and then tokens).
感谢您的帮助.谢谢.
推荐答案
我遇到了相同的问题(带有react前端,但是是相同的). 这可能是因为从服务器使用重定向会触发CORS(即使从服务器允许也是如此).
I had the same issue (with a react frontend, but it's the same). This is probably because from the server you use redirect, which triggers CORS (even if from your server you allow it).
您必须以其他方式将重定向URL返回到您的前端,从前端应用程序中捕获它,然后调用您需要调用的URL.
you have to return the redirect URL to your front-end in some other way, capture it from the front-end app and then call the URL you need to invoke.
这篇关于Google OAuth2:重定向已被CORS政策阻止:请求需要进行预检,不允许遵循跨域重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
