HttpClient.get用于读取文件 [英] HttpClient.get for reading a file

问题描述

我想从Angular 8客户端读取以下文件:C:\ inetpub \ wwwroot IIS正在运行. 我使用了以下代码，并收到此错误:

From an Angular 8 client I want to read a file located at: C:\inetpub\wwwroot IIS is running. I used the following code and got this error:

从来源" http://localhost/MyFile.xml "处的XMLHttpRequest ="http://localhost:4200" rel ="nofollow noreferrer"> http://localhost:4200 '已被CORS策略阻止:上没有"Access-Control-Allow-Origin"标头请求的资源.

Access to XMLHttpRequest at 'http://localhost/MyFile.xml' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

在IIS配置中，我添加了:Access-Control-Allow-Origin，*为: HTTP响应标头.

In IIS configuration I added: Access-Control-Allow-Origin, * to: HTTP Response Headers.

但是，当IIS停止时，我也遇到了上述错误.

But I got the above error also when IIS was stopped.

你能解释什么是错吗?

预先感谢您， 兹维卡

let headers = new HttpHeaders;
headers.append ('Access-Control-Allow-Origin','*');
this.http.get ('http://localhost:80/dwell.xml',{headers: 
headers}).subscribe(
  (val) => {
      console.log("GET call successful value returned in body", 
                  val);
  },
  response => {
      console.log("GET call in error", response);
  },
  () => {
      console.log("The GET observable is now completed.");
  });

推荐答案

您已经开始使用

You have stepped into the usage of CORS one of the first issues one has to resolve when deploying angular aps to the real world.

我看到您已尝试在您的请求中设置标题'Access-Control-Allow-Origin','*'，但这将不起作用.如果浏览器首先与您的应用程序交谈的API授权，那么浏览器才真正接受标头(如

I see you have attempted to set the header 'Access-Control-Allow-Origin','*' in your request, but this will not work. The Browser would only really accept the header if its first authorized by the API your app is talking to (as described in this Wikipedia article)

当您有一个与其他域的API(在您的情况下为同一域中的另一个端口)交谈的有角度的应用程序时，该API需要授权CORS请求；否则，浏览器的运行角度将使您出现被CORS策略阻止"错误.这不仅适用于Angular，而且适用于该浏览器涉及多个域的任何请求.

When you have an angular app talking to an API of another domain (or another port in the same domain, in your case), that API needs to authorize the CORS request; otherwise the browser running angular will give you the "blocked by CORS policy" error. This is not only for angular but for any request from this browser involving multiple domains.

一旦您对CORS有了最新的了解，您将了解为什么所有浏览器仅在API明确授权的情况下才考虑发送CORS请求.确实可以提高安全性.

Once you get your understanding of CORS up to date, you will see why all Browsers would only consider sending a CORS request if they are explicitly authorized by the API. It really improves security.

要在IIS上配置CORS，您需要

To configure CORS on IIS, you will need to configure the IIS CORS module . This should be as simple as adding the lines described in this configuration link, and restarting IIS.

您也可以在浏览器上禁用CORS保护，但我不建议您这样做.学习如何在角度应用程序中使用CORS可以真正减少将其发布到生产环境中的麻烦.

You could also disable the CORS protection on your Browser, but I would not recommend it. Learning how to work with CORS in angular apps is something that will reduce your problems when you really want to release it to a production environment.

这篇关于HttpClient.get用于读取文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！