解决NodeJS+Express模块的跨域访问控制问题 [转]

在一个项目上想用NodeJS,在前端的JS(http://localhost/xxx)中ajax访问后端RestAPI(http://localhost:3000/….)时(Chrome)报错:

XMLHttpRequest cannot load http://localhost:3000/auth/xxx/xxx. Origin http://localhost is not allowed by Access-Control-Allow-Origin.


解决代码:

方案一:


var express = require('express');
var app = express();
//设置跨域访问
app.all('*', function(req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    res.header("Access-Control-Allow-Methods","PUT,POST,GET,DELETE,OPTIONS");
    res.header("X-Powered-By",' 3.2.1')
    res.header("Content-Type", "application/json;charset=utf-8");
    next();
});

app.get('/auth/:id/:password', function(req, res) {
    res.send({id:req.params.id, name: req.params.password});
});

app.listen(3000);
console.log('Listening on port 3000...');


方案二:

var express = require('express');
var app = express();

app.get('/auth/:id/:password', function(req, res) {
    res.header("Access-Control-Allow-Origin", "*");   //设置跨域访问
    res.send({id:req.params.id, name: req.params.password});
});

app.listen(3000);
console.log('Listening on port 3000...');


发表评论

登录 后参与评论

评论列表 (1条)

  • xiaohn2013
    2 年前
    这个其实还是有一些不足, 在方案二的基础上应该添加: res.header("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With"); res.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); 会更好。