Skip to content

Instantly share code, notes, and snippets.

@xgqfrms-GitHub

xgqfrms-GitHub/CORS-Express.md Secret

Last active August 8, 2017 06:52
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save xgqfrms-GitHub/0d36bd446ecb639d5b3b3c7e2e64cf81 to your computer and use it in GitHub Desktop.
Save xgqfrms-GitHub/0d36bd446ecb639d5b3b3c7e2e64cf81 to your computer and use it in GitHub Desktop.
Download ZIP
CORS-Express
Raw
CORS-Express.md

CORS-Express

https://www.w3.org/wiki/CORS

https://enable-cors.org/server_expressjs.html

https://github.com/monsur/enable-cors.org

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
  next();
});

app.get('/', function(req, res, next) {
  // Handle the get for this route
});

app.post('/', function(req, res, next) {
 // Handle the post for this route
});

https://stackoverflow.com/questions/11181546/how-to-enable-cross-origin-resource-sharing-cors-in-the-express-js-framework-o

var express = require('express')
  , app = express.createServer();

app.get('/', function (req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "X-Requested-With");
    next();
});

app.configure(function () {
    app.use(express.methodOverride());
    app.use(express.bodyParser());
    app.use(app.router);
});

app.configure('development', function () {

    app.use(express.static(__dirname + '/public'));
    app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
});

app.configure('production', function () {


    var oneYear = 31557600000;
    //    app.use(express.static(__dirname + '/public', { maxAge: oneYear }));
    app.use(express.static(__dirname + '/public'));
    app.use(express.errorHandler());
});

app.listen(8888);
console.log('express running at http://localhost:%d', 8888);

https://stackoverflow.com/questions/5916900/how-can-you-detect-the-version-of-a-browser

@xgqfrms-GitHub
Copy link
Author

https://stackoverflow.com/questions/23952045/wikipedia-api-cross-origin-requests

@xgqfrms-GitHub
Copy link
Author

https://gist.github.com/xgqfrms-GitHub/a3fcffb6d7923e2a7471041053f00162

@xgqfrms-GitHub
Copy link
Author

xgqfrms-GitHub commented Jun 3, 2017
edited 

"Access-Control-Allow-Origin", "*"

"Access-Control-Allow-Origin": "*",

@xgqfrms-GitHub
Copy link
Author

ok

fetch('https://cdn.xgqfrms.xyz/json/cats.json', {
    method: 'get'
}).then(function(response) {
    return response.json()
}).then(function(json) {
    console.log('parsed json: ', json)
}).catch(function(error) {
    console.log('parsing failed: ', error)
});

error

fetch('https://cdn.xgqfrms.xyz/json/cats.json', {
    method: 'get',
    headers: {
        'Accept': 'application/json',
        "Access-Control-Allow-Origin": "*",
        'Content-Type': 'application/json'
    }
}).then(function(response) {
    return response.json()
}).then(function(json) {
    console.log('parsed json: ', json)
}).catch(function(error) {
    console.log('parsing failed: ', error)
});

Promise {[[PromiseStatus]]: "pending", [[PromiseValue]]: undefined}
VM130:1 OPTIONS https://cdn.xgqfrms.xyz/json/cats.json 405 ()

index.html#/blog?_k=9bbmwk:1 Fetch API cannot load https://cdn.xgqfrms.xyz/json/cats.json.
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'null' is therefore not allowed access.
The response had HTTP status code 405.
If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

@xgqfrms-GitHub
Copy link
Author

对预检要求的响应不通过访问控制检查:请求资源上不存在“Access-Control-Allow-Origin”头。
Origin'null'因此不被允许访问。
该响应具有HTTP状态代码405。
如果一个不透明的响应满足您的需要,请将该请求的模式设置为“no-cors”,以禁用CORS来获取资源。

@xgqfrms-GitHub
Copy link
Author

ok

fetch('https://newsapi.org/v1/articles?source=the-next-web&sortBy=latest&apiKey=0987b00e542141369049e647701b65d9', {
    method: 'get'
}).then(function(response) {
    return response.json()
}).then(function(json) {
    console.log('parsed json: ', json)
}).catch(function(error) {
    console.log('parsing failed: ', error)
});

error

fetch('https://newsapi.org/v1/articles?source=the-next-web&sortBy=latest', {
    method: 'get',
    headers: {
        'Accept': 'application/json',
        "Access-Control-Allow-Origin": "*",
        'Content-Type': 'application/json',
        'X-Api-Key': `0987b00e542141369049e647701b65d9`
    }
}).then(function(response) {
    return response.json()
}).then(function(json) {
    console.log('parsed json: ', json)
}).catch(function(error) {
    console.log('parsing failed: ', error)
});

@xgqfrms-GitHub
Copy link
Author

xgqfrms-GitHub commented Jun 3, 2017
edited

get API

https://cdn.xgqfrms.xyz/

OK
cdn-ok

https://gist.github.com/

Error

csp-error

@xgqfrms-GitHub
Copy link
Author

chrome://chrome-urls/

https://www.cnblogs.com/laden666666/p/5544572.html

chrome://flags/

@xgqfrms-GitHub
Copy link
Author

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir=D:\Chrome

"C:\Program Files (x86)\Google\Chrome\Application"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment