我在角度js和sails.js(node.js框架)之间的角色问题上苦苦挣扎
我尝试修复错误:XMLHttpRequest无法加载http://localhost:1337/en/auth/forgetpass/email.请求标头字段Access-Control-Allow-Origin不允许Access-Control-Allow-Origin.
当我不激活我的拦截器时它运作良好.我没有这个错误.当我激活它时,我有错误.
//Enable cross domain calls
$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
$httpProvider.defaults.headers.common['Access-Control-Allow-Headers'] = '*';
$httpProvider.defaults.headers.common['Access-Control-Allow-Origin'] = '*';
$httpProvider.defaults.headers.common['Access-Control-Allow-Methods'] = 'GET,POST,PUT,HEAD,DELETE,OPTIONS';
$httpProvider.interceptors.push('TokenInterceptor');
return {
request: function (config) {
var id = Session.getprop('id');
if(id) {
config.headers = config.headers || {};
config.headers.Authorization = 'Bearer ' + id;
}
return config;
},...
最后,chrome网络标签的结果是:
Remote Address:127.0.0.1:1337 Request URL:http://localhost:1337/en/auth/forgetpass/email Request Method:OPTIONS Status Code:200 OK Response Headers Access-Control-Allow-Credentials:true Access-Control-Allow-Headers:* Access-Control-Allow-Methods:GET,OPTIONS,HEAD Access-Control-Allow-Origin:* Allow:GET,TRACE,copY,LOCK,MKCOL,MOVE,PROPFIND,PROPPATCH,UNLOCK,REPORT,MKACTIVITY,CHECKOUT,MERGE,M-SEARCH,NOTIFY,SUBSCRIBE,UNSUBSCRIBE,PATCH Connection:keep-alive Content-Length:154 Content-Type:text/html; charset=utf-8 Date:Sun,12 Apr 2015 23:51:14 GMT Set-Cookie:sails.sid=s%3A-bZxQgFntbDqTtaFyWDFFgFr.szR0F68VfIBjVW9kyans9d6v5fz7RMtalQCoMfdbH%2Fg; Path=/; HttpOnly X-Powered-By:Sails <sailsjs.org> Request Headers Accept:*/* Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8 Access-Control-Request-Headers:access-control-allow-origin,accept,access-control-allow-headers,access-control-allow-methods Access-Control-Request-Method:POST Connection:keep-alive Host:localhost:1337 Origin:http://localhost:9000 Referer:http://localhost:9000/ User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/41.0.2272.118 Safari/537.36
非常感谢!
好的,我终于找到了这个问题.
我将响应和请求标头与拦截器及其进行了比较.
我改变我的代码如下,它的工作原理.
在angularjs的app.js中
//Enable cross domain calls
/* $httpProvider.defaults.useXDomain = true;
//Remove the header used to identify ajax call that would prevent CORS from working
delete $httpProvider.defaults.headers.common['X-Requested-With'];
$httpProvider.defaults.headers.common['Access-Control-Allow-Headers'] = 'origin,content-type,accept';
$httpProvider.defaults.headers.common['Access-Control-Allow-Origin'] = '*';
$httpProvider.defaults.headers.common['Access-Control-Allow-Methods'] = 'GET,OPTIONS';*/
$httpProvider.interceptors.push('TokenInterceptor');
在我的sails.js cors setup config中我评论了方法和标题.它运作良好.
module.exports.cors = {
/***************************************************************************
* *
* Allow CORS on all routes by default? If not,you must enable CORS on a *
* per-route basis by either adding a "cors" configuration object to the *
* route config,or setting "cors:true" in the route config to use the *
* default settings below. *
* *
***************************************************************************/
allRoutes: true,/***************************************************************************
* *
* Which domains which are allowed CORS access? This can be a *
* comma-delimited list of hosts (beginning with http:// or https://) or *
* "*" to allow all domains CORS access. *
* *
***************************************************************************/
origin: '*',/***************************************************************************
* *
* Allow cookies to be shared for CORS requests? *
* *
***************************************************************************/
credentials: true
/***************************************************************************
* *
* Which methods should be allowed for CORS requests? This is only used in *
* response to preflight requests (see article linked above for more info) *
* *
***************************************************************************/
// methods: 'GET,HEAD',/***************************************************************************
* *
* Which headers should be allowed for CORS requests? This is only used in *
* response to preflight requests. *
* *
***************************************************************************/
// headers: 'origin,accept'
};
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
