如何在 node.js 上的 express.js 框架中启用跨域资源共享 (CORS) [英] How to enable cross-origin resource sharing (CORS) in the express.js framework on node.js
问题描述
我正在尝试在 node.js 中构建一个支持跨域脚本的 Web 服务器,同时仍提供来自公共目录的静态文件.我正在使用 express.js,但不确定如何允许跨域脚本(Access-Control-Allow-Origin: *).
I'm trying to build a web server in node.js that will support cross-domain scripting, while still providing static files from a public directory. I'm using the express.js and am not really sure how to allow cross-domain scripting (Access-Control-Allow-Origin: *).
我看到了 这篇文章,我觉得没有帮助.
I saw this post, which I did not find helpful.
var express = require('express')
, app = express.createServer();
app.get('/', function (req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "X-Requested-With");
next();
});
app.configure(function () {
app.use(express.methodOverride());
app.use(express.bodyParser());
app.use(app.router);
});
app.configure('development', function () {
app.use(express.static(__dirname + '/public'));
app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
});
app.configure('production', function () {
var oneYear = 31557600000;
// app.use(express.static(__dirname + '/public', { maxAge: oneYear }));
app.use(express.static(__dirname + '/public'));
app.use(express.errorHandler());
});
app.listen(8888);
console.log('express running at http://localhost:%d', 8888);
推荐答案
在 node.js 上的 ExpressJS 应用中,对路由执行以下操作:
In your ExpressJS app on node.js, do the following with your routes:
app.all('/', function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "X-Requested-With");
next();
});
app.get('/', function(req, res, next) {
// Handle the get for this route
});
app.post('/', function(req, res, next) {
// Handle the post for this route
});
第一次调用 (app.all) 应该在您应用中的所有其他路由(或至少是您希望启用 CORS 的路由)之前进行.
The first call (app.all) should be made before all the other routes in your app (or at least the ones you want to be CORS enabled).
如果您希望标题也显示为静态文件,试试这个(确保它在调用 use(express.static()):
If you want the headers to show up for static files as well, try this (make sure it's before the call to use(express.static()):
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "X-Requested-With");
next();
});
我用您的代码对此进行了测试,并从 public 目录中获取了资产的标头:
I tested this with your code, and got the headers on assets from the public directory:
var express = require('express')
, app = express.createServer();
app.configure(function () {
app.use(express.methodOverride());
app.use(express.bodyParser());
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "X-Requested-With");
next();
});
app.use(app.router);
});
app.configure('development', function () {
app.use(express.static(__dirname + '/public'));
app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
});
app.configure('production', function () {
app.use(express.static(__dirname + '/public'));
app.use(express.errorHandler());
});
app.listen(8888);
console.log('express running at http://localhost:%d', 8888);
当然,您可以将函数打包到一个模块中,这样您就可以执行类似的操作
You could, of course, package the function up into a module so you can do something like
// cors.js
module.exports = function() {
return function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "X-Requested-With");
next();
};
}
// server.js
cors = require('./cors');
app.use(cors());
这篇关于如何在 node.js 上的 express.js 框架中启用跨域资源共享 (CORS)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
