在使用Node+Express时,踩到了跨域访问控制坑。
错误如下:
XMLHttpRequest cannot load http://localhost:8090/api/login. Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin'header is present on the requested resource. Origin 'http://localhost:8084' is therefore not allowed access.
解决方案:
var express = require('express');
var app = express();
//设置跨域访问
app.all('*', function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "X-Requested-With");
res.header("Access-Control-Allow-Methods","PUT,POST,GET,DELETE,OPTIONS");
res.header("X-Powered-By",' 3.2.1')
res.header("Content-Type", "application/json;charset=utf-8");
next();
});
app.use('/', index);
app.listen(8000);
console.log('Listening on port 8000...');
当你再请求时,如若出现报如下的错:
Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response.
浏览器不允许我们拿到数据,是因为Access-Control-Allow-Origin,浏览器的确发出了请求,只有当目标页面的response中,包含了 Access-Control-Allow-Origin 这个header,并且它的值里有我们自己的域名时,浏览器才允许我们拿到它页面的数据进行下一步处理。
解决方案:
设置跨域访问 的 headers: {"Access-Control-Allow-Headers":"X-Requested-With"} 中 Access-Control-Allow-Headers的值 添加 Content-Type
例: