我嘗試構建一個平臺,該平臺由2個分離的部分組成,即後端和前端。 後端由Express.js和Passport.js提供支持。它可以通過localhost:3000獲得。 前端使用Google聚合物1.0,並在localhost:8001上運行。302將CORS預檢請求重定向到nodejs服務器
我想在我的後端做所有API的東西。 Ui調用並從後端獲取數據。
當試圖爲授權做一個鐵Ajax請求我的後端的路線,我得到一個錯誤CORS:
XMLHttpRequest cannot load http://localhost:3000/auth/facebook. The request was redirected to 'https://www.facebook.com/v2.2/dialog/oauth?response_type=code&redirect_uri=…%3A3000%2Fauth%2Ffacebook%2Fcallback&scope=email&client_id=0815', which is disallowed for cross-origin requests that require preflight.
UI片段:
iron-ajax id="login" url="" method="GET" headers='{"X-Requested-With": "XMLHttpRequest"}' handle-as="json" on-response="hresponse" debounce-duration="300"> /iron-ajax> _handleTap: function() { var url = 'http://localhost:3000/auth/' + this.service; this.$.login.url = url; this.$.login.generateRequest(); },
後端片段:
app.get('/auth/facebook', passport.authenticate('facebook', { scope: 'email' })); app.get('/auth/facebook/callback', passport.authenticate('facebook'), function(req, res) { res.status(200).json({ success: true, message: 'Enjoy!', redirect: '/route/to/nowhere', }).end(); });
正如你所看到的,我只是使用了簡單的Facebook驗證片段passport.js documenation。
有2請求進行: 預檢
RESPONSE HTTP/1.1 200 OK X-Powered-By: Express Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept Allow: GET,HEAD Content-Type: text/html; charset=utf-8 Content-Length: 8 ETag: W/"8-8ww6QOmj5lyGjHVKXelZGQ" Date: Tue, 26 Jan 2016 12:59:20 GMT Connection: keep-alive REQUEST OPTIONS /auth/facebook HTTP/1.1 Host: localhost:3000 Connection: keep-alive Access-Control-Request-Method: GET Origin: http://localhost:8001 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36 Access-Control-Request-Headers: accept, x-requested-with Accept: */* DNT: 1 Referer: http://localhost:8001/ Accept-Encoding: gzip, deflate, sdch Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
GET:
RESPONSE HTTP/1.1 302 Found X-Powered-By: Express Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept Location: https://www.facebook.com/v2.2/dialog/oauth?response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Ffacebook%2Fcallback&scope=email&client_id=0815 Content-Length: 0 Date: Tue, 26 Jan 2016 12:59:20 GMT Connection: keep-alive REQUEST GET /auth/facebook HTTP/1.1 Host: localhost:3000 Connection: keep-alive accept: application/json Origin: http://localhost:8001 x-requested-with: XMLHttpRequest User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36 DNT: 1 Referer: http://localhost:8001/ Accept-Encoding: gzip, deflate, sdch Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
我的node.js服務器也接受CORS請求
app.use(function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
next();
});
當使用本地主機:3000/auth/facebook作爲鏈接,我從後端和端口3000得到我的json響應,但是那不是我想要的。
是否有可能通過自己的API接口處理這樣的API請求,就像我的一樣?目前我在這裏看到一個大展示塞。
謝謝& BR; 安德烈
是很好的解釋也許你需要在'接入控制允許Origin'您的主機名添加,因爲有些瀏覽器不接受*。並且[臉書護照](http://passportjs.org/docs/facebook)說'注意:出於安全原因,重定向URL必須駐留在與Facebook註冊的同一主機上。' – Dmitry
@Dmitry我添加了我的託管到'Access-Control-Allow-Origin',但不會改變任何內容。 fb重定向/回調與請求位於相同的URL(端口) – mybecks
您是否找到了解決方案? –