如何将 CORS 标头添加到 Meteor 应用程序? [英] How to add CORS headers to a Meteor app?
本文介绍了如何将 CORS 标头添加到 Meteor 应用程序?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
如何将 Access-Control-Allow-Origin: *
标头添加到所有响应(特别是,我对 /public/
下的静态文件感兴趣))在流星?我需要这个,以便外部网络应用程序可以访问我的 Meteor 应用程序提供的数据.有关启用 CORS 的更多信息在这里.
How it is possible to add Access-Control-Allow-Origin: *
header to all responses (in particular, I am interested for static files under /public/
) in Meteor? I would need this so that external web apps can access data provides by my Meteor app. More information about enabling CORS is here.
推荐答案
这是我写的一个小片段.你可以作为一个例子来了解如何访问meteor 的核心连接和修改头文件,这也是每个meteor 项目的一个很好的插件:
Here is a little snippet I wrote. You can use as an example in how to access meteor's core connect and modify headers, also a pretty good drop-in for every meteor project:
/**
* HTTP Header Security
*
* enforce HTTP Strict Transport Security (HSTS) to prevent ManInTheMiddle-attacks
* on supported browsers (all but IE)
* > http://www.html5rocks.com/en/tutorials/security/transport-layer-security
*
* @header Strict-Transport-Security: max-age=2592000; includeSubDomains
*/
var connectHandler = WebApp.connectHandlers; // get meteor-core's connect-implementation
// attach connect-style middleware for response header injection
Meteor.startup(function () {
connectHandler.use(function (req, res, next) {
res.setHeader('Strict-Transport-Security', 'max-age=2592000; includeSubDomains'); // 2592000s / 30 days
return next();
})
})
这篇关于如何将 CORS 标头添加到 Meteor 应用程序?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文