允许对 Heroku 上的 Express/Node.js 应用程序的 CORS REST 请求 [英] Allow CORS REST request to a Express/Node.js application on Heroku
问题描述
我在 node.js 的 express 框架上编写了一个 REST API,它适用于来自 Chrome 中的 js 控制台和 URL 栏等的请求.我现在正试图让它适用于来自另一个应用程序的请求,在不同的域 (CORS) 上.
I've written a REST API on the express framework for node.js that works for requests from the js console in Chrome, and URL bar, etc. I'm now trying to get it working for requests from another app, on a different domain (CORS).
由 javascript 前端自动发出的第一个请求是/api/search?uri=,并且似乎在预检"OPTIONS 请求中失败.
The first request, made automatically by the javascript front end, is to /api/search?uri=, and appears to be failing on the "preflight" OPTIONS request.
在我的 express 应用程序中,我正在添加 CORS 标头,使用:
In my express app, I am adding CORS headers, using:
var allowCrossDomain = function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, Content-Length, X-Requested-With');
// intercept OPTIONS method
if ('OPTIONS' == req.method) {
res.send(200);
}
else {
next();
}
};
和:
app.configure(function () {
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(app.router);
app.use(allowCrossDomain);
app.use(express.static(path.join(application_root, "public")));
app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
});
从 Chrome 控制台我得到这些标题:
From the Chrome console I get these headers:
请求地址:http://furious-night-5419.herokuapp.com/api/search?uri=http%3A%2F%2Flocalhost%3A5000%2Fcollections%2F1%2Fdocuments%2F1
Request URL:http://furious-night-5419.herokuapp.com/api/search?uri=http%3A%2F%2Flocalhost%3A5000%2Fcollections%2F1%2Fdocuments%2F1
请求方法:OPTIONS
Request Method:OPTIONS
状态代码:200 OK
Status Code:200 OK
请求头
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:origin, x-annotator-auth-token, accept
Access-Control-Request-Method:GET
Connection:keep-alive
Host:furious-night-5419.herokuapp.com
Origin:http://localhost:5000
Referer:http://localhost:5000/collections/1/documents/1
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
查询字符串参数
uri:http://localhost:5000/collections/1/documents/1
响应头
Allow:GET
Connection:keep-alive
Content-Length:3
Content-Type:text/html; charset=utf-8
X-Powered-By:Express
这看起来像是 API 应用程序发送的头文件缺失吗?
Does this look like a lack of proper headers being sent by the API application?
谢谢.
推荐答案
我已经在一个干净的 ExpressJS 应用程序上检查了你的代码,它工作得很好.
I've cheked your code on a clean ExpressJS app and it works just fine.
尝试将您的 app.use(allowCrossDomain)
移动到配置函数的顶部.
Try move your app.use(allowCrossDomain)
to the top of configure function.
这篇关于允许对 Heroku 上的 Express/Node.js 应用程序的 CORS REST 请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!