随时随地定制cors
我已经在Heroku中部署(托管)cors-anywhere,但我不知道如何自定义它。例如,我想在白名单中添加站点链接。我从这个链接获得数据:.php?param=rv&dfrm=null&dto=null&numloc=1&data24=1&locs[]=711
我该怎么办?我试过触摸server.js文件:
// Listen on a specific host via the HOST environment variable
var host = process.env.HOST || '0.0.0.0';
// Listen on a specific port via the PORT environment variable
//var port = process.env.PORT || 443;
var port = process.env.PORT || 8080;
// Grab the blacklist from the command-line so that we can update the blacklist without deploying
// again. CORS Anywhere is open by design, and this blacklist is not used, except for countering
// immediate abuse (e.g. denial of service). If you want to block all origins except for some,
// use originWhitelist instead.
var originBlacklist = parseEnvList(process.env.CORSANYWHERE_BLACKLIST);
//var originWhitelist = ['.php','.php','',''];
var originWhitelist = parseEnvList(process.env.CORSANYWHERE_WHITELIST);
function parseEnvList(env) {
if (!env) {
return [];
}
return env.split(',');
}
// Set up rate-limiting to avoid abuse of the public CORS Anywhere server.
var checkRateLimit = require('./lib/rate-limit')(process.env.CORSANYWHERE_RATELIMIT);
var cors_proxy = require('./lib/cors-anywhere');
cors_proxy.createServer({
originBlacklist: originBlacklist,
originWhitelist: originWhitelist,
requireHeader: ['origin', 'x-requested-with'],
checkRateLimit: checkRateLimit,
removeHeaders: [
'cookie',
'cookie2',
// Strip Heroku-specific headers
'x-heroku-queue-wait-time',
'x-heroku-queue-depth',
'x-heroku-dynos-in-use',
'x-request-start',
],
redirectSameOrigin: true,
httpProxyOptions: {
// Do not add X-Forwarded-For, etc. headers, because Heroku already adds it.
xfwd: false,
},
}).listen(port, host, function() {
console.log('Running CORS Anywhere on ' + host + ':' + port);
});
但是当我访问数据并查看控制台日志时,它会返回403错误,这是被禁止的。
回答如下:注意:当您说自托管CORS时,它只适用于您的站点代理。服务器上的CORS设置不适用于您提到的站点列表。他们将拥有自己的CORS过滤器设置。
403实际上是指禁止的资源而不是CORS问题。 Cors问题看起来如下: -
请求的资源上不存在“Access-Control-Allow-Origin”标头。因此不允许原点'yourUrl'访问。响应具有HTTP状态代码400
对于cors-白名单代码非常简单,如下所述: -
// Listen on a specific host via the HOST environment variable
var host = process.env.HOST || '0.0.0.0';
// Listen on a specific port via the PORT environment variable
var port = process.env.PORT || 8080;
var cors_proxy = require('cors-anywhere');
cors_proxy.createServer({
originWhitelist: ['http://fmon.asti.dost.gov.ph'], // Allow all origins
requireHeader: ['origin', 'x-requested-with'],
removeHeaders: ['cookie', 'cookie2']
}).listen(port, host, function() {
console.log('Running CORS Anywhere on ' + host + ':' + port);
});
理想情况下,您的应用程序可以在某处调用此方法。
如果从应用程序访问此URL时收到403,请确保您提到的URL受到保护,并且在请求之前必须完成正确的身份验证。