Access-Control-Allow-Origin 跨域设置多域名
<div><div>
<p>在HTML5中有一种新的跨域方式,即设置“Access-Control-Allow-Origin”可以指定允许跨域访问的域名。<br>
Node.js中可以这样写</p>
<div class="_2Uzcx_"><button class="VJbwyy" type="button"></button>
<pre class="line-numberslanguage-jsx"><code class="language-jsx">app<span class="token punctuation">.<span class="token function">all<span class="token punctuation">(<span class="token string">'*'<span class="token punctuation">, <span class="token keyword">function<span class="token punctuation">(<span class="token parameter">req<span class="token punctuation">, res<span class="token punctuation">, next<span class="token punctuation">) <span class="token punctuation">{
res<span class="token punctuation">.<span class="token function">header<span class="token punctuation">(<span class="token string">"Access-Control-Allow-Origin"<span class="token punctuation">, <span class="token string">'https://www.google.com'<span class="token punctuation">)<span class="token punctuation">;
res<span class="token punctuation">.<span class="token function">header<span class="token punctuation">(<span class="token string">'Access-Control-Allow-Methods'<span class="token punctuation">, <span class="token string">'POST, GET'<span class="token punctuation">)<span class="token punctuation">;
res<span class="token punctuation">.<span class="token function">header<span class="token punctuation">(<span class="token string">'Access-Control-Allow-Headers'<span class="token punctuation">, <span class="token string">'X-Requested-With'<span class="token punctuation">)<span class="token punctuation">;
res<span class="token punctuation">.<span class="token function">header<span class="token punctuation">(<span class="token string">'Access-Control-Allow-Headers'<span class="token punctuation">, <span class="token string">'Content-Type'<span class="token punctuation">)<span class="token punctuation">;
<span class="token function">next<span class="token punctuation">(<span class="token punctuation">)<span class="token punctuation">;
<span class="token punctuation">}<span class="token punctuation">)<span class="token punctuation">;
</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></code></pre>
</div>
<p>但在实际使用中,可能需要设置多个域名。<br>
在网上查询资料,有一种写法</p>
<div class="_2Uzcx_"><button class="VJbwyy" type="button"></button>
<pre class="line-numberslanguage-cpp"><code class="language-cpp">Access<span class="token operator">-Control<span class="token operator">-Allow<span class="token operator">-Origin<span class="token operator">: https<span class="token operator">:<span class="token operator">/<span class="token operator">/www<span class="token punctuation">.google<span class="token punctuation">.com<span class="token punctuation">,https<span class="token operator">:<span class="token operator">/<span class="token operator">/www<span class="token punctuation">.baidu<span class="token punctuation">.com
</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></code></pre>
</div>
<p>改成相应的代码,但是始终提示问题,只允许一个值。</p>
<p>于是换种方式,查资料发现,许多是先自己判断域名是否是允许的,如果是再设置允许跨域访问。那么代码应该改成如下形式</p>
<div class="_2Uzcx_"><button class="VJbwyy" type="button"></button>
<pre class="line-numberslanguage-jsx"><code class="language-jsx">app<span class="token punctuation">.<span class="token function">all<span class="token punctuation">(<span class="token string">'*'<span class="token punctuation">, <span class="token keyword">function<span class="token punctuation">(<span class="token parameter">req<span class="token punctuation">, res<span class="token punctuation">, next<span class="token punctuation">) <span class="token punctuation">{
<span class="token keyword">if<span class="token punctuation">( req<span class="token punctuation">.headers<span class="token punctuation">.origin <span class="token operator">== <span class="token string">'https://www.google.com' <span class="token operator">|| req<span class="token punctuation">.headers<span class="token punctuation">.origin <span class="token operator">== <span class="token string">'https://www.baidu.com' <span class="token punctuation">)<span class="token punctuation">{
res<span class="token punctuation">.<span class="token function">header<span class="token punctuation">(<span class="token string">"Access-Control-Allow-Origin"<span class="token punctuation">, req<span class="token punctuation">.headers<span class="token punctuation">.origin<span class="token punctuation">)<span class="token punctuation">;
res<span class="token punctuation">.<span class="token function">header<span class="token punctuation">(<span class="token string">'Access-Control-Allow-Methods'<span class="token punctuation">, <span class="token string">'POST, GET'<span class="token punctuation">)<span class="token punctuation">;
res<span class="token punctuation">.<span class="token function">header<span class="token punctuation">(<span class="token string">'Access-Control-Allow-Headers'<span class="token punctuation">, <span class="token string">'X-Requested-With'<span class="token punctuation">)<span class="token punctuation">;
res<span class="token punctuation">.<span class="token function">header<span class="token punctuation">(<span class="token string">'Access-Control-Allow-Headers'<span class="token punctuation">, <span class="token string">'Content-Type'<span class="token punctuation">)<span class="token punctuation">;
<span class="token punctuation">}
<span class="token function">next<span class="token punctuation">(<span class="token punctuation">)<span class="token punctuation">;
<span class="token punctuation">}<span class="token punctuation">)<span class="token punctuation">;
</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></code></pre>
</div>
<p>使用时可以把允许访问的域名写成一个数组,然后JS写一个比较字符串是否在数组内的函数,这样使用就比较方便了。</p>
<p>其中,<code>Access-Control-Allow-Origin</code>就是我们需要设置的域名,<code>Access-Control-Allow-Methods</code>是允许的请求方式,<code>Access-Control-Allow-Headers</code>跨域允许包含的头。</p>
<div class="image-package">
<div class="image-container">
<div class="image-container-fill"> </div>
<div class="image-view" data-width="1182" data-height="536"><img src="//upload-images.jianshu.io/upload_images/1901885-88efdc8f4c89d324.png?imageMogr2/auto-orient/strip|imageView2/2/w/1182/format/webp" data-original-src="//upload-images.jianshu.io/upload_images/1901885-88efdc8f4c89d324.png" data-original-width="1182" data-original-height="536" data-original-format="image/png" data-original-filesize="51153" data-image-index="0"></div>
</div>
<div class="image-caption">兼容性</div>
</div>
</div>
<br><br>作者:LnEoi<br>链接:https://www.jianshu.com/p/b587dd1b7086<br>来源:简书<br>著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。</div>
</div>
<div id="MySignature" role="contentinfo">
漫思<br><br>
来源:https://www.cnblogs.com/sexintercourse/p/15455746.html
頁:
[1]