文章/答案/技术大牛

发布

社区首页 >问答首页 >为什么我的Meteor API中仍然有“Access-Control-Allow-Origin”？

问为什么我的Meteor API中仍然有“Access-Control-Allow-Origin”？
EN

Stack Overflow用户

提问于 2014-12-05 15:40:54

回答 1查看 1.2K关注 0票数 1

我得到了这个错误：

XMLHttpRequest cannot load http://xyz.meteor.com/api/posts/b7shrmshYZ85wsFLZ. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.jquery.com' is therefore not allowed access.

尽管我已经在我的代码中写了这段代码，但是我仍然收到这个错误。

this.response.setHeader("Access-Control-Allow-Origin", "*");
this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

我是不是漏掉了什么？我从以下位置获得代码：

https://github.com/awatson1978/rest-api

但我对路径进行了大量修改，使其更具RESTful。

//==============================================================================
// the following is a REST API that only uses the POST portion of the HTTP protocol
// and is suitable for automated browser testing

// be aware that POSTS refers to the HTTP protocol
// while 'posts' and 'Posts' refers to the weblog example used in the Meteor Cookbook
// this particular example has a slight bit of name-collision occurring


// api:      http://localhost:3000/api/posts
// example:  http://localhost:3000/api/posts
Router.route('/api/posts', function(){
  if (this.request.method == 'GET') {
    this.response.statusCode = 200;
    this.response.setHeader("Content-Type", "application/json");
    this.response.setHeader("Access-Control-Allow-Origin", "*");
    this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    this.response.end(JSON.stringify(
      Posts.find().fetch()
    ));
  } else if (this.request.method == 'POST') {
    this.response.statusCode = 200;
    this.response.setHeader("Content-Type", "application/json");
    this.response.setHeader("Access-Control-Allow-Origin", "*");
    this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    this.response.end(JSON.stringify(
      Posts.insert(this.request.body)
    ));
  } else {
    this.response.statusCode = 405;
    this.response.end("Invalid Request Type");
  };
}, {where: 'server'});

// api:      http://localhost:3000/api/posts/:postId
// example:  http://localhost:3000/api/posts/314159
Router.route('/api/posts/:postId', function(){
  if (!Posts.findOne({_id: this.params.postId})) {
    this.response.statusCode = 404;
    this.response.end("Invalid Request Type");
  } else if (this.request.method == 'GET') {
    this.response.statusCode = 200;
    this.response.setHeader("Content-Type", "application/json");
    this.response.setHeader("Access-Control-Allow-Origin", "*");
    this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    this.response.end(JSON.stringify(
      Posts.findOne({_id: this.params.postId })
    ));
  } else if (this.request.method == 'PUT') {
    Posts.update({_id: this.params.postId },{$set: this.request.body});
    this.response.statusCode = 200;
    this.response.setHeader("Content-Type", "application/json");
    this.response.setHeader("Access-Control-Allow-Origin", "*");
    this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    this.response.end(JSON.stringify(
      Posts.findOne({_id: this.params.postId })
    ));
  } else if (this.request.method == 'DELETE') {
    this.response.statusCode = 200;
    this.response.setHeader("Content-Type", "application/json");
    this.response.setHeader("Access-Control-Allow-Origin", "*");
    this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    this.response.end(JSON.stringify(
      Posts.remove({_id: this.params.postId })
    ));
  } else {
    this.response.statusCode = 405;
    this.response.end("Invalid Request Type");
  };
}, {where: 'server'});

Router.route('/api/posts/search/:user', function(){
  if (this.request.method == 'GET') {
    this.response.statusCode = 200;
    this.response.setHeader("Content-Type", "application/json");
    this.response.setHeader("Access-Control-Allow-Origin", "*");
    this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    this.response.end(JSON.stringify(
      Posts.find( { user: this.params.user } ).fetch()
    ));
  } else {
    this.response.statusCode = 405;
  };
}, {where: 'server'});

编辑：

算了，算出来了。我找不到了，需要做很多重构：

this.request.method == 'OPTIONS'

//==============================================================================
// the following is a vanilla REST API that uses the entire HTTP protocol

// api:      http://localhost:3000/api/posts
// example:  http://localhost:3000/api/posts

// api:      http://localhost:3000/api/posts/:postId
// example:  http://localhost:3000/api/posts/12345

// api:      http://localhost:3000/api/posts/search/:username
// example:  http://localhost:3000/api/posts/search/bill

Router.route('/api/posts', function(){
  // console.log('################################################');
  // console.log(this.request.method);
  // console.log(this.request.headers);
  // console.log('this.params.postId: ' + this.params.postId);
  //
  // console.log('------------------------------');
  // console.log(this.request.body);
  // console.log('------------------------------');

  this.response.statusCode = 200;
  this.response.setHeader("Content-Type", "application/json");
  this.response.setHeader("Access-Control-Allow-Origin", "*");
  this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

  if (this.request.method == 'GET') {
    Statistics.update({_id: "configuration"},{$inc:{
      total_count: 1,
      list_count: 1
    }});
    this.response.end(JSON.stringify(
      Posts.find().fetch()
    ));
  } else if (this.request.method == 'POST') {
    Statistics.update({_id: "configuration"},{$inc:{
      total_count: 1,
      insert_count: 1
    }});
    this.response.end(JSON.stringify(
      Posts.insert(this.request.body)
    ));
  } else if (this.request.method == 'OPTIONS') {
    this.response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, DELETE, OPTIONS");
    this.response.end("OPTIONS Response");
  }
}, {where: 'server'});


Router.route('/api/posts/:postId', function(){
  // console.log('################################################');
  // console.log(this.request.method);
  // console.log(this.request.headers);
  // console.log('this.params.postId: ' + this.params.postId);
  //
  // console.log('------------------------------');
  // console.log(this.request.body);
  // console.log('------------------------------');

  this.response.statusCode = 200;
  this.response.setHeader("Content-Type", "application/json");
  this.response.setHeader("Access-Control-Allow-Origin", "*");
  this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

  //Access-Control-Allow-Origin: http://foo.example
  //Access-Control-Allow-Methods: POST, GET, OPTIONS
  //Access-Control-Allow-Headers: X-PINGOTHER

  if (this.request.method == 'GET') {
    Statistics.update({_id: "configuration"},{$inc:{
      total_count: 1,
      get_count: 1
    }});
    this.response.end(JSON.stringify(
      Posts.findOne({_id: this.params.postId })
    ));
  } else if (this.request.method == 'PUT') {
    Statistics.update({_id: "configuration"},{$inc:{
      total_count: 1,
      update_count: 1
    }});
    this.response.end(JSON.stringify(
      Posts.update({_id: this.params.postId},{$set: this.request.body})
    ));
  } else if (this.request.method == 'DELETE') {
    Statistics.update({_id: "configuration"},{$inc:{
      total_count: 1,
      delete_count: 1
    }});
    this.response.end(JSON.stringify(
      Posts.remove({_id: this.params.postId })
    ));
  } else if (this.request.method == 'OPTIONS') {
    this.response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, DELETE, OPTIONS");
    this.response.end("OPTIONS Response With Parameter");
  }
}, {where: 'server'});

Router.route('/api/posts/search/:user', function(){
  // console.log('################################################');
  // console.log(this.request.method);
  // console.log(this.request.headers);
  // console.log('this.params.postId: ' + this.params.postId);
  //
  // console.log('------------------------------');
  // console.log(this.request.body);
  // console.log('------------------------------');

  this.response.statusCode = 200;
  this.response.setHeader("Content-Type", "application/json");
  this.response.setHeader("Access-Control-Allow-Origin", "*");
  this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

  //Access-Control-Allow-Origin: http://foo.example
  //Access-Control-Allow-Methods: POST, GET, OPTIONS
  //Access-Control-Allow-Headers: X-PINGOTHER

  if (this.request.method == 'GET') {
    Statistics.update({_id: "configuration"},{$inc:{
      total_count: 1,
      get_count: 1
    }});
    this.response.end(JSON.stringify(
      Posts.find( { user: this.params.user } ).fetch()
    ));
  };
}, {where: 'server'});

ajax

api

meteor

cross-domain

回答 1

Stack Overflow用户

发布于 2014-12-07 17:03:27

算了，算出来了。我错过了这个：

this.request.method == 'OPTIONS'

我的代码也需要大量的重构。

//==============================================================================
// the following is a REST API that only uses the POST portion of the HTTP protocol
// and is suitable for automated browser testing

// be aware that POSTS refers to the HTTP protocol
// while 'posts' and 'Posts' refers to the weblog example used in the Meteor Cookbook
// this particular example has a slight bit of name-collision occurring


// api:      http://localhost:3000/api/posts
// example:  http://localhost:3000/api/posts
Router.route('/api/posts', function(){
  if (this.request.method == 'GET') {
    this.response.statusCode = 200;
    this.response.setHeader("Content-Type", "application/json");
    this.response.setHeader("Access-Control-Allow-Origin", "*");
    this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    this.response.end(JSON.stringify(
      Posts.find().fetch()
    ));
  } else if (this.request.method == 'POST') {
    this.response.statusCode = 200;
    this.response.setHeader("Content-Type", "application/json");
    this.response.setHeader("Access-Control-Allow-Origin", "*");
    this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    this.response.end(JSON.stringify(
      Posts.insert(this.request.body)
    ));
  } else {
    this.response.statusCode = 405;
    this.response.end("Invalid Request Type");
  };
}, {where: 'server'});

// api:      http://localhost:3000/api/posts/:postId
// example:  http://localhost:3000/api/posts/314159
Router.route('/api/posts/:postId', function(){
  if (!Posts.findOne({_id: this.params.postId})) {
    this.response.statusCode = 404;
    this.response.end("Invalid Request Type");
  } else if (this.request.method == 'GET') {
    this.response.statusCode = 200;
    this.response.setHeader("Content-Type", "application/json");
    this.response.setHeader("Access-Control-Allow-Origin", "*");
    this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    this.response.end(JSON.stringify(
      Posts.findOne({_id: this.params.postId })
    ));
  } else if (this.request.method == 'PUT') {
    Posts.update({_id: this.params.postId },{$set: this.request.body});
    this.response.statusCode = 200;
    this.response.setHeader("Content-Type", "application/json");
    this.response.setHeader("Access-Control-Allow-Origin", "*");
    this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    this.response.end(JSON.stringify(
      Posts.findOne({_id: this.params.postId })
    ));
  } else if (this.request.method == 'DELETE') {
    this.response.statusCode = 200;
    this.response.setHeader("Content-Type", "application/json");
    this.response.setHeader("Access-Control-Allow-Origin", "*");
    this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    this.response.end(JSON.stringify(
      Posts.remove({_id: this.params.postId })
    ));
  } else {
    this.response.statusCode = 405;
    this.response.end("Invalid Request Type");
  };
}, {where: 'server'});

Router.route('/api/posts/search/:user', function(){
  if (this.request.method == 'GET') {
    this.response.statusCode = 200;
    this.response.setHeader("Content-Type", "application/json");
    this.response.setHeader("Access-Control-Allow-Origin", "*");
    this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    this.response.end(JSON.stringify(
      Posts.find( { user: this.params.user } ).fetch()
    ));
  } else {
    this.response.statusCode = 405;
  };
}, {where: 'server'});
EDIT:

Nevermind, figured it out. I was missing and needed a LOT of refactoring:

this.request.method == 'OPTIONS'

//==============================================================================
// the following is a vanilla REST API that uses the entire HTTP protocol

// api:      http://localhost:3000/api/posts
// example:  http://localhost:3000/api/posts

// api:      http://localhost:3000/api/posts/:postId
// example:  http://localhost:3000/api/posts/12345

// api:      http://localhost:3000/api/posts/search/:username
// example:  http://localhost:3000/api/posts/search/bill

Router.route('/api/posts', function(){
  // console.log('################################################');
  // console.log(this.request.method);
  // console.log(this.request.headers);
  // console.log('this.params.postId: ' + this.params.postId);
  //
  // console.log('------------------------------');
  // console.log(this.request.body);
  // console.log('------------------------------');

  this.response.statusCode = 200;
  this.response.setHeader("Content-Type", "application/json");
  this.response.setHeader("Access-Control-Allow-Origin", "*");
  this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

  if (this.request.method == 'GET') {
    Statistics.update({_id: "configuration"},{$inc:{
      total_count: 1,
      list_count: 1
    }});
    this.response.end(JSON.stringify(
      Posts.find().fetch()
    ));
  } else if (this.request.method == 'POST') {
    Statistics.update({_id: "configuration"},{$inc:{
      total_count: 1,
      insert_count: 1
    }});
    this.response.end(JSON.stringify(
      Posts.insert(this.request.body)
    ));
  } else if (this.request.method == 'OPTIONS') {
    this.response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, DELETE, OPTIONS");
    this.response.end("OPTIONS Response");
  }
}, {where: 'server'});


Router.route('/api/posts/:postId', function(){
  // console.log('################################################');
  // console.log(this.request.method);
  // console.log(this.request.headers);
  // console.log('this.params.postId: ' + this.params.postId);
  //
  // console.log('------------------------------');
  // console.log(this.request.body);
  // console.log('------------------------------');

  this.response.statusCode = 200;
  this.response.setHeader("Content-Type", "application/json");
  this.response.setHeader("Access-Control-Allow-Origin", "*");
  this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

  //Access-Control-Allow-Origin: http://foo.example
  //Access-Control-Allow-Methods: POST, GET, OPTIONS
  //Access-Control-Allow-Headers: X-PINGOTHER

  if (this.request.method == 'GET') {
    Statistics.update({_id: "configuration"},{$inc:{
      total_count: 1,
      get_count: 1
    }});
    this.response.end(JSON.stringify(
      Posts.findOne({_id: this.params.postId })
    ));
  } else if (this.request.method == 'PUT') {
    Statistics.update({_id: "configuration"},{$inc:{
      total_count: 1,
      update_count: 1
    }});
    this.response.end(JSON.stringify(
      Posts.update({_id: this.params.postId},{$set: this.request.body})
    ));
  } else if (this.request.method == 'DELETE') {
    Statistics.update({_id: "configuration"},{$inc:{
      total_count: 1,
      delete_count: 1
    }});
    this.response.end(JSON.stringify(
      Posts.remove({_id: this.params.postId })
    ));
  } else if (this.request.method == 'OPTIONS') {
    this.response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, DELETE, OPTIONS");
    this.response.end("OPTIONS Response With Parameter");
  }
}, {where: 'server'});

Router.route('/api/posts/search/:user', function(){
  // console.log('################################################');
  // console.log(this.request.method);
  // console.log(this.request.headers);
  // console.log('this.params.postId: ' + this.params.postId);
  //
  // console.log('------------------------------');
  // console.log(this.request.body);
  // console.log('------------------------------');

  this.response.statusCode = 200;
  this.response.setHeader("Content-Type", "application/json");
  this.response.setHeader("Access-Control-Allow-Origin", "*");
  this.response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

  //Access-Control-Allow-Origin: http://foo.example
  //Access-Control-Allow-Methods: POST, GET, OPTIONS
  //Access-Control-Allow-Headers: X-PINGOTHER

  if (this.request.method == 'GET') {
    Statistics.update({_id: "configuration"},{$inc:{
      total_count: 1,
      get_count: 1
    }});
    this.response.end(JSON.stringify(
      Posts.find( { user: this.params.user } ).fetch()
    ));
  };
}, {where: 'server'});

票数 1

页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持

原文链接：

https://stackoverflow.com/questions/27311103

复制

相似问题

问为什么我的Meteor API中仍然有“Access-Control-Allow-Origin”？
EN

回答 1

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问为什么我的Meteor API中仍然有“Access-Control-Allow-Origin”？EN

回答 1

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问为什么我的Meteor API中仍然有“Access-Control-Allow-Origin”？
EN