nodejs express设置允许跨域示例

前端设置withCredentials时,后端需要有2处配合,一个是 Access-Control-Allow-Origin不能是*号,另外一个是Access-Control-Allow-Credentials需要设为true

这样才能跨域请求时,携带cookie

const express = require('express');
const app = express();

const allowedOrigins = ['http://localhost:3000', 'http://127.0.0.1:5500'];

app.use((req, res, next) => {
  const origin = req.headers.origin;
  if (allowedOrigins.includes(origin)) {
    // 设置允许的来源
    res.setHeader('Access-Control-Allow-Origin', origin);
    // 允许携带 Cookie
    res.setHeader('Access-Control-Allow-Credentials', 'true');
    // 允许的请求方法
    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
    // 允许的请求头
    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With');
    // 预检请求结果缓存时间，单位秒
    res.setHeader('Access-Control-Max-Age', '86400');
  }
  // 预检请求直接返回
  if (req.method === 'OPTIONS') {
    return res.sendStatus(200);
  }
  next();
});

app.get('/api/data', (req, res) => {
  res.json({ message: '跨域请求成功！' });
});

app.listen(8000, () => {
  console.log('Server is running on port 8000');
});

详细说明参考如何解决跨域请求的问题（CORS）？-CSDN博客