Deadly CORS when http://localhost is the origin

后端 未结 9 1318
迷失自我
迷失自我 2020-11-22 00:54

I am stuck with this CORS problem, even though I set the server (nginx/node.js) with the appropriate headers.

I can see in Chrome Network pane -> Response Headers:

相关标签:
9条回答
  • 2020-11-22 01:21

    Per @Beau's answer, Chrome does not support localhost CORS requests, and there is unlikely any change in this direction.

    I use the Allow-Control-Allow-Origin: * Chrome Extension to go around this issue. The extension will add the necessary HTTP Headers for CORS:

    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: "GET, PUT, POST, DELETE, HEAD, OPTIONS"
    Access-Control-Expose-Headers: <you can add values here>
    

    The source code is published on Github.

    Note that the extension filter all URLs by default. This may break some websites (for example: Dropbox). I have changed it to filter only localhost URLs with the following URL filter

    *://localhost:*/*
    
    0 讨论(0)
  • 2020-11-22 01:28

    Agreed! CORS should be enabled on the server-side to resolve the issue ground up. However...

    For me the case was:

    I desperately wanted to test my front-end(React/Angular/VUE) code locally with the REST API provided by the client with no access to the server config.

    Just for testing

    After trying all the steps above that didn't work I was forced to disable web security and site isolation trials on chrome along with specifying the user data directory(tried skipping this, didn't work).

    For Windows

    cd C:\Program Files\Google\Chrome\Application
    

    Disable web security and site isolation trials

    chrome.exe  --disable-site-isolation-trials --disable-web-security --user-data-dir="PATH_TO_PROJECT_DIRECTORY"
    

    This finally worked! Hope this helps!

    0 讨论(0)
  • 2020-11-22 01:33

    Quick and dirty Chrome extension fix:

    Moesif Orign & CORS Changer

    However, Chrome does support cross-origin requests from localhost. Make sure to add a header for Access-Control-Allow-Origin for localhost.

    0 讨论(0)
  • 2020-11-22 01:35

    None of the extensions worked for me, so I installed a simple local proxy. In my case https://www.npmjs.com/package/local-cors-proxy It is a 2-minute setup:

    (from their site)

    npm install -g local-cors-proxy
    

    API endpoint that we want to request that has CORS issues: https://www.yourdomain.ie/movies/list

    Start Proxy: lcp --proxyUrl https://www.yourdomain.ie

    Then in your client code, new API endpoint: http://localhost:8010/proxy/movies/list

    Worked like a charm for me: your app calls the proxy, who calls the server. Zero CORS problems.

    0 讨论(0)
  • 2020-11-22 01:35

    The solution is to install an extension that lifts the block that Chrome does, for example:

    Access Control-Allow-Origin - Unblock (https://add0n.com/access-control.html?version=0.1.5&type=install).

    0 讨论(0)
  • 2020-11-22 01:37

    I decided not to touch headers and make a redirect on the server side instead and it woks like a charm.

    The example below is for the current version of Angular (currently 9) and probably any other framework using webpacks DevServer. But I think the same principle will work on other backends.

    So I use the following configuration in the file proxy.conf.json:

    {
      "/api": {
        "target": "http://localhost:3000",
        "pathRewrite": {"^/api" : ""},
       "secure": false
     }
    }
    

    In case of Angular I serve with that configuration:

    $ ng serve -o --proxy-config=proxy.conf.json
    

    I prefer to use the proxy in the serve command, but you may also put this configuration to angular.json like this:

    "architect": {
      "serve": {
        "builder": "@angular-devkit/build-angular:dev-server",
        "options": {
          "browserTarget": "your-application-name:build",
          "proxyConfig": "src/proxy.conf.json"
        },
    

    See also:

    https://www.techiediaries.com/fix-cors-with-angular-cli-proxy-configuration/

    https://webpack.js.org/configuration/dev-server/#devserverproxy

    0 讨论(0)
提交回复
热议问题