Azure 暂存环境 "No 'Access-Control-Allow-Origin' header is present on the requested resource"
Azure Staging Environment "No 'Access-Control-Allow-Origin' header is present on the requested resource"
我继承了一个托管在 Azure 中的 web-app,但似乎暂存环境 CORS 的运行方式与所有其他环境不同。
我是 Azure 管理的新手,我已经在 API 应用服务(之前没有配置集)上应用了 CORS 配置,但没有解决问题。
您可以在下面比较不同的环境general/response headers。
本地开发...
Request URL: http://localhost:3001/api/getstarted/plans?fetchExcluded=true
Request Method: GET
Status Code: 200 OK
Remote Address: [::1]:3001
Referrer Policy: strict-origin-when-cross-origin
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/json; charset=utf-8
Date: Thu, 04 Nov 2021 21:55:22 GMT
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=15552000; includeSubDomains
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
当前生产...
Request URL: https://api.<webapp>.app/api/getstarted/plans?fetchExcluded=true
Request Method: OPTIONS
Status Code: 204 No Content
Remote Address: ##.###.###.###:443
Referrer Policy: strict-origin-when-cross-origin
Access-Control-Allow-Headers: authorization
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: *
Date: Thu, 04 Nov 2021 22:04:19 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
但是在分期...
Request URL: https://<webapp>.azurewebsites.net/api/getstarted/plans?fetchExcluded=true
Request Method: OPTIONS
Status Code: 503 Service Temporarily Unavailable
Remote Address: ##.###.###.###:443
Referrer Policy: strict-origin-when-cross-origin
Content-Length: 398
Date: Thu, 04 Nov 2021 21:56:02 GMT
Server: nginx
并从暂存中的调试控制台...
- Access to XMLHttpRequest at
'https://<webapp>.azurewebsites.net/api/getstarted/plans?fetchExcluded=true'
from origin 'https://<webapp>.z8.web.core.windows.net' has been
blocked by CORS policy: Response to preflight request doesn't pass
access control check: No 'Access-Control-Allow-Origin' header is
present on the requested resource. xhr.js:178
- GET
https://<webapp>-api-staging.azurewebsites.net/api/getstarted/plans?fetchExcluded=true
net::ERR_FAILED
我检查了 Azure 订阅使用 + 配额,唯一接近配额的是“网络观察者”
API 框架是带有 CORS 的 ExpressJS...
app.use(cors())
在我看来,这个问题与 CORS 无关,好吧,说得更好,...
正如您在暂存环境中看到的那样,您收到 503、服务不可用、HTTP 状态错误代码:
Status Code: 503 Service Temporarily Unavailable
所以我的猜测是暂存环境由于某种原因无法正常工作,并且关联的负载均衡器正在返回一个 503 错误页面,当然,没有任何 CORS 指示,并且您的浏览器正在抱怨由于您的 API 没有收到有效回复。
请检查暂存环境的状态:一旦健康,它可能会为您的申请提供适当的响应。
不幸的是,这个问题根本不是 CORS;相反,由于 ESNext JS 语法 (server < ESNext)
,服务器映像无法构建和编译
我找到了日志流 API,它允许我查看所有错误,对于后代,您可能会找到相同的; https://<webapp>.scm.azurewebsites.net/api/logstream
我继承了一个托管在 Azure 中的 web-app,但似乎暂存环境 CORS 的运行方式与所有其他环境不同。
我是 Azure 管理的新手,我已经在 API 应用服务(之前没有配置集)上应用了 CORS 配置,但没有解决问题。
您可以在下面比较不同的环境general/response headers。
本地开发...
Request URL: http://localhost:3001/api/getstarted/plans?fetchExcluded=true
Request Method: GET
Status Code: 200 OK
Remote Address: [::1]:3001
Referrer Policy: strict-origin-when-cross-origin
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/json; charset=utf-8
Date: Thu, 04 Nov 2021 21:55:22 GMT
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=15552000; includeSubDomains
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
当前生产...
Request URL: https://api.<webapp>.app/api/getstarted/plans?fetchExcluded=true
Request Method: OPTIONS
Status Code: 204 No Content
Remote Address: ##.###.###.###:443
Referrer Policy: strict-origin-when-cross-origin
Access-Control-Allow-Headers: authorization
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: *
Date: Thu, 04 Nov 2021 22:04:19 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
但是在分期...
Request URL: https://<webapp>.azurewebsites.net/api/getstarted/plans?fetchExcluded=true
Request Method: OPTIONS
Status Code: 503 Service Temporarily Unavailable
Remote Address: ##.###.###.###:443
Referrer Policy: strict-origin-when-cross-origin
Content-Length: 398
Date: Thu, 04 Nov 2021 21:56:02 GMT
Server: nginx
并从暂存中的调试控制台...
- Access to XMLHttpRequest at
'https://<webapp>.azurewebsites.net/api/getstarted/plans?fetchExcluded=true'
from origin 'https://<webapp>.z8.web.core.windows.net' has been
blocked by CORS policy: Response to preflight request doesn't pass
access control check: No 'Access-Control-Allow-Origin' header is
present on the requested resource. xhr.js:178
- GET
https://<webapp>-api-staging.azurewebsites.net/api/getstarted/plans?fetchExcluded=true
net::ERR_FAILED
我检查了 Azure 订阅使用 + 配额,唯一接近配额的是“网络观察者”
API 框架是带有 CORS 的 ExpressJS...
app.use(cors())
在我看来,这个问题与 CORS 无关,好吧,说得更好,...
正如您在暂存环境中看到的那样,您收到 503、服务不可用、HTTP 状态错误代码:
Status Code: 503 Service Temporarily Unavailable
所以我的猜测是暂存环境由于某种原因无法正常工作,并且关联的负载均衡器正在返回一个 503 错误页面,当然,没有任何 CORS 指示,并且您的浏览器正在抱怨由于您的 API 没有收到有效回复。
请检查暂存环境的状态:一旦健康,它可能会为您的申请提供适当的响应。
不幸的是,这个问题根本不是 CORS;相反,由于 ESNext JS 语法 (server < ESNext)
,服务器映像无法构建和编译我找到了日志流 API,它允许我查看所有错误,对于后代,您可能会找到相同的; https://<webapp>.scm.azurewebsites.net/api/logstream