我正在将Gatsby和Express与Fetch一起使用。托管在Heroku上。
调用注册端点时,出现以下错误:
“从来源“示例/客户端”获取“示例/ api”处的访问已被CORS策略阻止:请求的资源上不存在“ access-control-allow-origin”标头。如果响应不透明,您可以根据需要,将请求的模式设置为“ no-cors”,以在禁用CORS的情况下获取资源。”
在对我的注册终结点进行此调用之前,我正在向Get终结点发送成功的调用,该Get终结点发送了csurf令牌。
这是我的服务器代码:
APP配置
app.use(
cors({
origin: "front-end-url",methods: "GET,HEAD,PUT,PATCH,POST,DELETE",allowedHeaders: [
"Content-Type","access-Control-Allow-Headers","access-control-allow-origin","Authorization","csrf-token"
],exposedHeaders: [
"Content-Type",maxAge: 3600,preflightContinue: true,credentials: true
})
);
...
//configure pre-flight options
app.options("/getToken",cors());
app.options("/checkAuth",cors());
app.options("/signIn",cors());
app.options("/signUp",cors());
API端点
=>获取csurf令牌
app.get("/getToken",(req,res) => {
res.cookie("XSRF-TOKEN",req.csrfToken());
res.end();
});
=>注册路线(失败,并显示错误)
app.post(
"/signUp",res,next) => {
database operations...
},passport.authenticate("login"),next) => {
res.send({ user: req.user,authStatus: true });
}
);
前端代码
userSignUp = async (email,password,resetform) => {
console.log("THis is a test of the emergency..")
await fetch(process.env.API + "getToken",{
mode: "cors",// no-cors,cors,*include
cache: "no-cache",// *default,no-cache,reload,force-cache,only-if-cached
credentials: "include",// include,*include,omit
headers: {
"content-type": "application/json",},method: "GET",})
const token = Cookies.get("XSRF-TOKEN")
const data = await fetch(process.env.API + "signUp",{
body: JSON.stringify({ email: email,password: password }),mode: "cors","csrf-token": token,method: "POST",}).catch(error => this.setState({ isError: true }))
if (data.ok) {
console.log(data.ok)
data.json().then(content => {
console.log(content)
this.props.changeAuth(content.authStatus)
this.props.setCategories(content.user.categories)
this.props.getEvents(content.user.events)
resetform()
})
} else {
this.setState({
isError: true,})
}
}