所有请求都被 CORS 开发策略阻止
All requests blocked by CORS policy on development
我有一个带有 React 客户端的 Rails API。我已经在应用程序设置中设置了很长时间,今天我正在处理它时突然开始收到错误消息:
Access to XMLHttpRequest at 'http://localhost:3000/api/v1/user/authed'
from origin 'http://localhost:8000' has been blocked by CORS policy:
The value of the 'Access-Control-Allow-Origin' header in the response
must not be the wildcard '*' when the request's credentials mode is
'include'. The credentials mode of requests initiated by the
XMLHttpRequest is controlled by the withCredentials attribute.
现在我的应用程序中的 none 个请求完全有效。
请求确实从 React 应用程序传递到 Rails API 并且 Rails API 也正确响应(我可以在终端中看到这个) 但在客户端实际上没有发生任何事情,因为我假设它由于 CORS 原因而被阻止。
我能做些什么来解决这个问题吗?会不会是某些包在我的系统上以某种方式更新了并且与项目不同所以现在它坏了?
URL 请求:
const ENDPOINT = '/api/v1',
PORT = 3000,
URL = window.location.protocol + '//' + window.location.hostname + ':' + PORT + ENDPOINT;
要求
$.ajax({
url: URL + '/' + resource,
type: verb,
data: params,
xhrFields: { withCredentials: true }
})
.done(callback)
.fail(errcallback);
请求函数的格式为:
static get(resource, params, callback, errcallback) {
API.send('GET', resource, params, callback, errcallback);
}
如果您的 API 不需要凭据,您应该删除 withCredentials: true。
关于withCredentials的更多信息:
The XMLHttpRequest.withCredentials property is a Boolean that indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies, authorization headers or TLS client certificates. Setting withCredentials has no effect on same-site requests.
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials
我有一个带有 React 客户端的 Rails API。我已经在应用程序设置中设置了很长时间,今天我正在处理它时突然开始收到错误消息:
Access to XMLHttpRequest at 'http://localhost:3000/api/v1/user/authed'
from origin 'http://localhost:8000' has been blocked by CORS policy:
The value of the 'Access-Control-Allow-Origin' header in the response
must not be the wildcard '*' when the request's credentials mode is
'include'. The credentials mode of requests initiated by the
XMLHttpRequest is controlled by the withCredentials attribute.
现在我的应用程序中的 none 个请求完全有效。
请求确实从 React 应用程序传递到 Rails API 并且 Rails API 也正确响应(我可以在终端中看到这个) 但在客户端实际上没有发生任何事情,因为我假设它由于 CORS 原因而被阻止。
我能做些什么来解决这个问题吗?会不会是某些包在我的系统上以某种方式更新了并且与项目不同所以现在它坏了?
URL 请求:
const ENDPOINT = '/api/v1',
PORT = 3000,
URL = window.location.protocol + '//' + window.location.hostname + ':' + PORT + ENDPOINT;
要求
$.ajax({
url: URL + '/' + resource,
type: verb,
data: params,
xhrFields: { withCredentials: true }
})
.done(callback)
.fail(errcallback);
请求函数的格式为:
static get(resource, params, callback, errcallback) {
API.send('GET', resource, params, callback, errcallback);
}
如果您的 API 不需要凭据,您应该删除 withCredentials: true。
关于withCredentials的更多信息:
The XMLHttpRequest.withCredentials property is a Boolean that indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies, authorization headers or TLS client certificates. Setting withCredentials has no effect on same-site requests.
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials