个人中心
gpt4 book ai didi

javascript - 随处定制 cors

转载 作者:行者123 更新时间:2023-12-03 04:03:58 27 4
gpt4 key购买 nike

我已部署(托管)cors-anywhere在 Heroku 中,但我不知道如何自定义它。例如,我想在白名单中添加一个站点链接。我从这个链接获取数据:http://fmon.asti.dost.gov.ph/dataloc.php?param=rv&dfrm=null&dto=null&numloc=1&data24=1&locs[]=711

我要怎么做呢?我尝试过触摸 server.js 文件:

// Listen on a specific host via the HOST environment variable
var host = process.env.HOST || '0.0.0.0';
// Listen on a specific port via the PORT environment variable
//var port = process.env.PORT || 443;
var port = process.env.PORT || 8080;

// Grab the blacklist from the command-line so that we can update the blacklist without deploying
// again. CORS Anywhere is open by design, and this blacklist is not used, except for countering
// immediate abuse (e.g. denial of service). If you want to block all origins except for some,
// use originWhitelist instead.
var originBlacklist = parseEnvList(process.env.CORSANYWHERE_BLACKLIST);
//var originWhitelist = ['http://fmon.asti.dost.gov.ph/dataloc.php','https://fmon.asti.dost.gov.ph/dataloc.php','http://fmon.asti.dost.gov.ph','https://fmon.asti.dost.gov.ph'];
var originWhitelist = parseEnvList(process.env.CORSANYWHERE_WHITELIST);
function parseEnvList(env) {
  if (!env) {
    return [];
  }
  return env.split(',');
}

// Set up rate-limiting to avoid abuse of the public CORS Anywhere server.
var checkRateLimit = require('./lib/rate-limit')(process.env.CORSANYWHERE_RATELIMIT);

var cors_proxy = require('./lib/cors-anywhere');
cors_proxy.createServer({
  originBlacklist: originBlacklist,
  originWhitelist: originWhitelist,
  requireHeader: ['origin', 'x-requested-with'],
  checkRateLimit: checkRateLimit,
  removeHeaders: [
    'cookie',
    'cookie2',
    // Strip Heroku-specific headers
    'x-heroku-queue-wait-time',
    'x-heroku-queue-depth',
    'x-heroku-dynos-in-use',
    'x-request-start',
  ],
  redirectSameOrigin: true,
  httpProxyOptions: {
    // Do not add X-Forwarded-For, etc. headers, because Heroku already adds it.
    xfwd: false,
  },
}).listen(port, host, function() {
  console.log('Running CORS Anywhere on ' + host + ':' + port);
});

但是当我访问数据并查看控制台日志时,它返回403错误,这是禁止的。

最佳答案

NOTE: When you say self hosted CORS it will only work for your site to proxy. CORS setting on your server is for you not for the list of sites you mentioned. They will be having their own CORS filters setup.

403实际上指的是禁止资源而不是CORS问题。 Cors 问题将如下所示:-

请求的资源上不存在“Access-Control-Allow-Origin” header 。因此,不允许访问来源“yourUrl”。响应的 HTTP 状态代码为 400

对于 cors-anywhere,白名单代码非常简单,如下所述:-

// Listen on a specific host via the HOST environment variable
var host = process.env.HOST || '0.0.0.0';
// Listen on a specific port via the PORT environment variable
var port = process.env.PORT || 8080;

var cors_proxy = require('cors-anywhere');
cors_proxy.createServer({
    originWhitelist: ['http://fmon.asti.dost.gov.ph'], // Allow all origins
    requireHeader: ['origin', 'x-requested-with'],
    removeHeaders: ['cookie', 'cookie2']
}).listen(port, host, function() {
    console.log('Running CORS Anywhere on ' + host + ':' + port);
});

理想情况下,这应该适合您的应用程序在某处调用它。

<小时/>

If you are getting 403 while accessing this URL from your application then be sure the URL you mentioned is protected and you must get proper authentication done before requesting it.

<小时/>

关于javascript - 随处定制 cors,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44644471/

27 4 0
文章推荐: javascript - 通过javascript调用webservice?
文章推荐: javascript - ng-repeat 中的 Angular js 动态绑定(bind)
文章推荐: javascript - 如何改变FusionChart的背景颜色?
文章推荐: javascript - js中如何分离数组
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com