快车 - 无法发送重定向,回应预检要求未通过访问控制检查
当试图将用户重定向到登录页面,我总是得到这样的错误:快车 - 无法发送重定向,回应预检要求未通过访问控制检查
Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'null' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
在我的Express应用程序,我已经实现了CORS:
var corsOptions = {
origin: 'http://localhost:4200',
credentials: true
}
app.use(cors(corsOptions));
然后我尝试将用户重定向:
router.use(function(req,res,next){
if((req.session.user == null){
res.redirect('http://localhost:4200' + '/login')
}
else
next();
});
在4角我使用{withCredentials:true}发送所有请求,因为我使用的是Cookie;
这些都是请求/响应头:
响应:
Access-Control-Allow-Credentials:true Access-Control-Allow-Origin: http://localhost:4200 Connection:keep-alive Date:Thu, 10 Aug 2017 12:09:55 GMT Location: http://localhost:4200/login set-cookie:semanaintegrada.session=s%3A6nieAv1pfn2V-2x7H4HbnqJFbYsgJmwy.hO1QKm%2Fgm6Kmso8pLCQ5zrZAVNhIYgfr%2BgzOB0oI9UA; Path=/; Expires=Thu, 10 Aug 2017 13:09:55 GMT Transfer-Encoding:chunked Vary:Origin X-Powered-By:Express
请求:
Accept:application/json, text/plain,/Accept-Encoding:gzip, deflate, br Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4 Cache-Control:no-cache Connection:keep-alive Content-Length:39 content-type:application/json Cookie:semanaintegrada.session=s%3AwuiVwYs3Ahs4dfLULfpqMBcrnbthY7sZ.OYZk%2FCnZGHAe8v1T8nWpbAdFQVsXjUFAQxnYI27%2FZlE Host:localhost:3000 Origin: http://localhost:4200 Pragma:no-cache Referer: http://localhost:4200/ User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
此外,在Chrome中有创建的4个请求(我不知道为什么)。 3我的快递应用程序 和1到本地主机:4200 最后一个有Access-Control-Allow-Origin:*和Origin null 这可能是相关的吗?
“凭证标志”指XMLHttpRequest.withCredentials请求正在作出,而不是一个接入控制允许凭据报头。
如果请求的withCredentials是真,Access-Control-Allow-Origin: *
不能使用,即使没有Access-Control-Allow-Credentials header.
但我仍然需要发送“withCredentials”参数,因为我需要使用的cookies在我的要求下,我能做些什么? – julianomontini