nodejs express设置允许跨域示例
前端设置withCredentials时,后端需要有2处配合,一个是 Access-Control-Allow-Origin不能是*号,另外一个是Access-Control-Allow-Credentials需要设为true
这样才能跨域请求时,携带cookie
const express = require('express');
const app = express();
const allowedOrigins = ['http://localhost:3000', 'http://127.0.0.1:5500'];
app.use((req, res, next) => {
const origin = req.headers.origin;
if (allowedOrigins.includes(origin)) {
// 设置允许的来源
res.setHeader('Access-Control-Allow-Origin', origin);
// 允许携带 Cookie
res.setHeader('Access-Control-Allow-Credentials', 'true');
// 允许的请求方法
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
// 允许的请求头
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With');
// 预检请求结果缓存时间,单位秒
res.setHeader('Access-Control-Max-Age', '86400');
}
// 预检请求直接返回
if (req.method === 'OPTIONS') {
return res.sendStatus(200);
}
next();
});
app.get('/api/data', (req, res) => {
res.json({ message: '跨域请求成功!' });
});
app.listen(8000, () => {
console.log('Server is running on port 8000');
});
详细说明参考如何解决跨域请求的问题(CORS)?-CSDN博客