        CORS: When the credentials flag is true, cannot use wildcard in Access-Control-Allo

        Date: 2023-09-03
                  This article covers how to handle the CORS error "Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true".

                  Problem description

                  I have a setup involving

                  Frontend server (Node.js, domain: localhost:3000) <---> Backend (Django, Ajax, domain: localhost:8000)

                  Browser <-- webapp <-- Node.js (Serve the app)

                  Browser (webapp) --> Ajax --> Django(Serve ajax POST requests)

                  Now, my problem here is with CORS setup which the webapp uses to make Ajax calls to the backend server. In Chrome, I keep getting

                  Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.

                  Doesn't work on Firefox either.

                  My Node.js setup is:

                  var allowCrossDomain = function(req, res, next) {
                      res.header('Access-Control-Allow-Origin', 'http://localhost:8000/');
                      res.header('Access-Control-Allow-Credentials', true);
                      res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
                      res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
                      next();
                  };
                  

                  And in Django I'm using this middleware along with this

                  The webapp makes requests as such:

                  $.ajax({
                      type: "POST",
                      url: 'http://localhost:8000/blah',
                      data: {},
                      xhrFields: {
                          withCredentials: true
                      },
                      crossDomain: true,
                      dataType: 'json',
                      success: successHandler
                  });
                  

                  So, the request headers that the webapp sends look like:

                  Access-Control-Allow-Credentials: true
                  Access-Control-Allow-Headers: "Origin, X-Requested-With, Content-Type, Accept"
                  Access-Control-Allow-Methods: 'GET,PUT,POST,DELETE'
                  Content-Type: application/json 
                  Accept: */*
                  Accept-Encoding: gzip,deflate,sdch
                  Accept-Language: en-US,en;q=0.8
                  Cookie: csrftoken=***; sessionid="***"
                  

                  Here is the response header:

                  Access-Control-Allow-Headers: Content-Type,*
                  Access-Control-Allow-Credentials: true
                  Access-Control-Allow-Origin: *
                  Access-Control-Allow-Methods: POST,GET,OPTIONS,PUT,DELETE
                  Content-Type: application/json
                  

                  Where am I going wrong?!

                  Edit 1: I've been using chrome --disable-web-security, but now want things to actually work.

                  Edit 2: Answer:

                  So, solution for me django-cors-headers config:

                  CORS_ORIGIN_ALLOW_ALL = False
                  CORS_ALLOW_CREDENTIALS = True
                  CORS_ORIGIN_WHITELIST = (
                      'http://localhost:3000',  # Here was the problem indeed and it has to be http://localhost:3000, not http://localhost:3000/
                  )
                  

                  Recommended answer

                  This is a part of security, you cannot do that. If you want to allow credentials then your Access-Control-Allow-Origin must not use *. You will have to specify the exact protocol + domain + port. For reference see these questions:

                  1. Access-Control-Allow-Origin wildcard subdomains, ports and protocols
                  2. Cross Origin Resource Sharing with Credentials

                  Besides, * is too permissive and would defeat use of credentials. So set http://localhost:3000 or http://localhost:8000 as the allow origin header.
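
The rule from the answer above, as an added example that is not part of the original question or answer and is not django-cors-headers code: a server-side check that echoes only an exactly matching origin when credentials are allowed, and rejects allowlist entries (wildcard, trailing slash, bare string) that a browser's Origin header can never equal. The names `ALLOWED_ORIGINS`, `validate_allowlist` and `cors_headers` are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the page's setup: the webapp is served from
# localhost:3000 and calls the Django API on localhost:8000.
ALLOWED_ORIGINS = ("http://localhost:3000",)


def validate_allowlist(origins):
    """Reject entries that a browser-sent Origin header can never equal."""
    if isinstance(origins, str):
        # ('http://localhost:3000') without a trailing comma is a str, not a tuple
        raise ValueError("allowlist must be a tuple or list, not a bare string")
    for entry in origins:
        parts = urlsplit(entry)
        if entry == "*" or not parts.scheme or not parts.netloc:
            raise ValueError(f"not an exact origin: {entry!r}")
        if parts.path or parts.query or parts.fragment:
            # 'http://localhost:3000/' ends up here: Origin carries no path
            raise ValueError(f"origin must be scheme://host[:port] only: {entry!r}")
    return frozenset(origins)


def cors_headers(request_origin, allowlist, allow_credentials=True):
    """Return the CORS response headers for one request.

    Exact string match on scheme + host + port; the wildcard is never
    emitted together with Access-Control-Allow-Credentials.
    """
    headers = {"Vary": "Origin"}  # caches must key on Origin when it is echoed
    if request_origin is None or request_origin not in allowlist:
        return headers  # no Allow-Origin header: the browser blocks the read
    headers["Access-Control-Allow-Origin"] = request_origin
    if allow_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers
```

Run `validate_allowlist` once at startup so a misconfigured entry fails loudly instead of silently never matching.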
