前端之家

  1. 首页
  2. 问答

CORS请求在移动用户代理上失败

问答

描述错误 我设置了一个cors-anywhere代理服务器,该服务器未从我在移动设备上请求的api端点返回数据

我正在使用axios.get请求,并且在移动电话上使用该页面或在开发人员控制台(Chrome,Safari响应模式)中使用移动响应窗口时,响应缺少access-Control-Allow-Methods。

要复制 -使用axios.get命令尝试对cors反向代理的请求。 -然后在手机或浏览器响应窗口上尝试 -查看内容无法加载,但加载到桌面上



const getData = async () => {
    try {
        axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
        const request = `https://proxy.com/https://site.data/`
        const response = await axios.get(request )
        return extractData(response.data)
    } catch (e) {
        return null;
    }
};

预期行为 数据应该加载,因为它是以桌面分辨率(和手机浏览器的桌面模式)加载的。

环境:  -Axios版本[0.19.0]  -操作系统:[OS 12.1.0,Android 9,OSX 10.13.4]  -浏览器[Chrome,Safari,MobileChrome,MobileSafari]  -浏览器版本[Chrome 80,Safari 14]  -其他库版本[React 16.12.0]

其他上下文/屏幕截图 

Response Header in Desktop:

access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: content-type,x-ua-compatible,cache-control,pragma,expires,date,p3p,strict-transport-security,content-security-policy,content-encoding,transfer-encoding,server,x-xss-protection,x-frame-options,x-content-type-options,alt-svc,connection,x-final-url,access-control-allow-origin
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache,no-store,max-age=0,must-revalidate
Connection: keep-alive
content-encoding: br
content-security-policy: script-src 'report-sample' 'nonce-I127VgEm+tBFy2YSgJXSIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/PhotosUi/cspreport;worker-src 'self',script-src 'nonce-I127VgEm+tBFy2YSgJXSIg' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://s.ytimg.com https://www.googleapis.com https://youtube.com https://youtube.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://payments.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PhotosUi/cspreport
Content-Type: text/html; charset=utf-8
Date: Tue,10 Dec 2019 12:29:55 GMT
expires: Mon,01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
pragma: no-cache
Server: nginx/1.14.0 (Ubuntu)
strict-transport-security: max-age=31536000
Transfer-Encoding: chunked
x-content-type-options: nosniff
X-CORS-Redirect-1: 302 https://photos.google.com/share/
x-final-url: https://photos.google.com/share/
x-frame-options: SAMEORIGIN
x-request-url: https://photos.app.goo.gl/
x-ua-compatible: IE=edge
x-xss-protection: 0


Request Header in Desktop:

accept: application/json,text/plain,*/*
accept-Encoding: gzip,deflate,br
accept-Language: en-CA,en;q=0.9
Connection: keep-alive
DNT: 1
Host: proxy.site.com
Origin: https://example.com
Referer: https://example.com/album/testing
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/79.0.3945.70 Safari/537.36


Request Header in Mobile:

access-control-allow-origin: *
access-control-expose-headers: content-type,must-revalidate
Connection: keep-alive
content-encoding: gzip
content-security-policy: script-src 'nonce-fjOgq7jgU4Dsl9ogIcxhZw' 'unsafe-inline';object-src 'self';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self'
Content-Type: text/html; charset=utf-8
Date: Tue,10 Dec 2019 12:33:43 GMT
expires: Mon,01 Jan 1990 00:00:00 GMT
pragma: no-cache
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
x-content-type-options: nosniff
x-final-url: https://photos.app.goo.gl/
x-frame-options: SAMEORIGIN
x-request-url: https://photos.app.goo.gl/
x-ua-compatible: IE=edge
x-xss-protection: 0


Response Header in Mobile:

accept: application/json,en;q=0.9
Connection: keep-alive
DNT: 1
Host: proxy.site.com
Origin: https://example.com
Referer: https://example.com/album/testing
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_1 like Mac OS X) AppleWebKit/603.1.30 (KHTML,like Gecko) Version/10.0 Mobile/14E304 Safari/602.1
zanggexing 回答:CORS请求在移动用户代理上失败
暂时没有好的解决方案,如果你有好的解决方案,请发邮件至:iooj@foxmail.com
axioscorsnext.jsproxyuser-agent
本文链接:https://www.f2er.com/2940075.html

大家都在问