如何添加CORS标题到Meteor应用程序？ [英] How to add CORS headers to a Meteor app?

问题描述

如何将 Access-Control-Allow-Origin：* 标题添加到所有响应中（特别是，我对<$ c $下的静态文件感兴趣c> / public / ）？我需要这样，外部网络应用程序可以访问我的Meteor应用程序提供的数据。有关启用CORS的详情，在这里。

How it is possible to add Access-Control-Allow-Origin: * header to all responses (in particular, I am interested for static files under /public/) in Meteor? I would need this so that external web apps can access data provides by my Meteor app. More information about enabling CORS is here.

推荐答案

这是我写的一个小片段。你可以使用如何访问meteor的核心连接和修改头文件，也是每个meteor项目的一个很好的插件：

Here is a little snippet I wrote. You can use as an example in how to access meteor's core connect and modify headers, also a pretty good drop-in for every meteor project:

/**
 * HTTP Header Security
 *
 * enforce HTTP Strict Transport Security (HSTS) to prevent ManInTheMiddle-attacks
 * on supported browsers (all but IE)
 * > http://www.html5rocks.com/en/tutorials/security/transport-layer-security
 *
 * @header Strict-Transport-Security: max-age=2592000; includeSubDomains
 */

var connectHandler = WebApp.connectHandlers; // get meteor-core's connect-implementation

// attach connect-style middleware for response header injection
Meteor.startup(function () {
  connectHandler.use(function (req, res, next) {
    res.setHeader('Strict-Transport-Security', 'max-age=2592000; includeSubDomains'); // 2592000s / 30 days
    return next();
  })
})

这篇关于如何添加CORS标题到Meteor应用程序？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！