我遇到了一些Cors和標頭的問題。我有以下中間件:Cors和標頭
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'Content-Type,X-Access-Token,Authorization');
next();
之後,我有另外一箇中間件來檢查令牌:
const token = req.body.token || req.query.token || req.headers['x-access-token'];
if (token) {
jwt.verify(token, config.jwtKey, (err, decoded) => {
if(err) {
return res.json({success: false, errmsg: 'Wrong key'});
} else {
req.decoded = decoded;
next();
}
});
} else {
return res.status(403)
.send({
success: false,
message: "No token provided"
});
}
但是,當我登錄req.headers:
{ host: 'localhost:4556',
connection: 'keep-alive',
'access-control-request-method': 'POST',
origin: 'http://localhost:4200',
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36',
'access-control-request-headers': 'authorization,content-type,x-access-token',
accept: '*/*',
dnt: '1',
referer: 'http://localhost:4200/posts',
'accept-encoding': 'gzip, deflate, br',
'accept-language': 'sv,en-US;q=0.8,en;q=0.6' }
沒有「X -access-token「,除了在」access-control-request-headers「中。這只是名字。有些東西一定是錯的,但是當我使用GOOGLE時發現的所有東西都是使用Access-Control-Allow-Headers
。
我應該使用res.set()嗎?什麼應該是價值和關鍵? – gelv