Facebook Oauth CORS 错误 [英] Facebook Oauth CORS error
问题描述
我正在使用 oauth2 来处理通过 facebook 登录的用户.我在golang api中调用授权服务器时出现错误.
I am using oauth2 to handle a user login via facebook. The error occurs when I call the authorization server in the golang api.
这是网络错误.
<代码>Fetch API 无法加载 https://www.facebook.com/dialog/oauth?client_id=1543358959292867&redirect_u…=email+public_profile&state=mUi4IpdY8yF5TNVVptMNNSn8IbVSZxJXTSEFM8Zg8LM%3D.请求的资源上不存在Access-Control-Allow-Origin"标头.因此,Origin 'null' 不允许访问.如果不透明的响应满足您的需求,请将请求的模式设置为no-cors"以获取禁用 CORS 的资源.
网络信息(铬)
<代码>请求网址:https://www.facebook.com/dialog/oauth?client_id=1543358959292867&redirect_uri=http%3A%2F%2Flocalhost%3A7001%2FFBLogin%2FCallback&response_type=code&scope=email+public_profile&state=lkmenB4FjNOShUQzL0Gpymi1xsvauaL7yTaw%3D请求方法:GET状态码:302远程地址:[2a03:2880:f003:c1f:face:b00c:0:25de]:443
请求标头
<代码>:authority:www.facebook.com:方法:获取:path:/dialog/oauth?client_id=1543358959292867&redirect_uri=http%3A%2F%2Flocalhost%3A7001%2FFBLogin%2FCallback&response_type=code&scope=email+public_profile&state=KPbwnGWQoI7PHvwhJ_JvZ7RowPthjqpaDTgKVI5RowPthjqpaDTgKVI5:方案:https接受:*/*接受编码:gzip、放气、sdch接受语言:en-US,en;q=0.8原产地:空推荐人:http://localhost:3000/用户代理:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36
调用服务器api的Javascript函数.
Javascript function that calls server api.
<代码>let loginUrl = "http://localhost:7001/FBLogin"//服务器地址让配置 = {方法:'GET',模式:'cors',}fetch(loginUrl, config).then(response => {...}
调用oauth授权服务器(facebook)的Golang函数.
Golang function that calls oauth authorization server (facebook).
<代码>func FBLogin(w http.ResponseWriter, r *http.Request) {状态,错误:= hashutil.GenerateRandomState()logutil.Fatal(错误)url := config["fb"].AuthCodeURL(state)logutil.OauthSessionLogger(状态)http.Redirect(w, r, url, 302)}
我按照本指南在服务器端设置了正确的标头.在 Golang 中设置 HTTP 标头
I set the proper headers on the server side following this guide. Setting HTTP headers in Golang
我似乎无法找到错误的来源.(facebook API 开发人员控制台、服务器代码中的回调标头,还是启动调用的 javascript?我花了很多时间更改服务器标头,但错误仍然作为 CORS 问题存在.
I can't seem to find where the error comes from. (facebook API developer console, the callback headers in the server code, or the javascript initiating the call? I spent a lot of time changing the server headers but the error still persists as a CORS issue.
我的请求标头中的来源为空,需要考虑吗?
The origin in my request header is null, is that something to consider?
edit 增加了 no-cors 模式的结果.
edit added no-cors mode result.
<代码>FBLogin 302 text/html SessionActions.js?524b:35 736 B 5 ms
oauth?client_id=154335&redirect_uri=http%3A%2F%2Flocalhost%3A7001%2FFBLogin%2FCallback&D302 文本/html
http://localhost:7001/FBLogin 611 B 57 ms
login.php?skip_api_login=1&api_key=154335 200所有三个调用都成功了,但即使它这么说也从未重定向到 oauth 页面.响应类型为不透明",状态为 0.
FBLogin 302 text/html SessionActions.js?524b:35 736 B 5 ms
All three calls were successful, but was never redirected to the oauth page even when it said so. The response type was 'opaque' with a status 0.
oauth?client_id=154335&redirect_uri=http%3A%2F%2Flocalhost%3A7001%2FFBLogin%2FCallback&D
302 text/html
http://localhost:7001/FBLogin 611 B 57 ms
login.php?skip_api_login=1&api_key=154335 200
推荐答案
使用 wireshark 或 tcpdump 的网络跟踪可以帮助查找正在发生的事情或使用任何 firefox 插件捕获 http 流量以捕获实时标头.
a network trace using wireshark or tcpdump can help to find what's going on or capture http traffic using any firefox plugin to capture live headers.
这篇关于Facebook Oauth CORS 错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
