如何添加CORS标题到Meteor应用程序? [英] How to add CORS headers to a Meteor app?
本文介绍了如何添加CORS标题到Meteor应用程序?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
如何将 Access-Control-Allow-Origin:*
标题添加到所有响应中(特别是,我对<$ c $下的静态文件感兴趣c> / public / )?我需要这样,外部网络应用程序可以访问我的Meteor应用程序提供的数据。有关启用CORS的详情,在这里。
How it is possible to add Access-Control-Allow-Origin: *
header to all responses (in particular, I am interested for static files under /public/
) in Meteor? I would need this so that external web apps can access data provides by my Meteor app. More information about enabling CORS is here.
推荐答案
这是我写的一个小片段。你可以使用如何访问meteor的核心连接和修改头文件,也是每个meteor项目的一个很好的插件:
Here is a little snippet I wrote. You can use as an example in how to access meteor's core connect and modify headers, also a pretty good drop-in for every meteor project:
/**
* HTTP Header Security
*
* enforce HTTP Strict Transport Security (HSTS) to prevent ManInTheMiddle-attacks
* on supported browsers (all but IE)
* > http://www.html5rocks.com/en/tutorials/security/transport-layer-security
*
* @header Strict-Transport-Security: max-age=2592000; includeSubDomains
*/
var connectHandler = WebApp.connectHandlers; // get meteor-core's connect-implementation
// attach connect-style middleware for response header injection
Meteor.startup(function () {
connectHandler.use(function (req, res, next) {
res.setHeader('Strict-Transport-Security', 'max-age=2592000; includeSubDomains'); // 2592000s / 30 days
return next();
})
})
这篇关于如何添加CORS标题到Meteor应用程序?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文