Cors阻止我获取服务器端点并重定向。

Question

我正在尝试构建一个Oauth2流。Cors一直阻塞我对自己服务器的GET请求。

localhost:3000是浏览器。

localhost:3001是服务器。

我在下面的NestJS中设置了cors，它适用于所有其他非重定向端点：

// main.ts
import { corsConfig } from '#common/config/index';

async function bootstrap() {
  const app = await NestFactory.create(AppModule);

  app.enableCors({
    origin: [
      /^https?:\/\/localhost:3000/,
    ],
    methods: ['GET', 'POST'],
    credentials: true,
  });

  await app.listen(process.env.PORT || 3001);
}
bootstrap();

当请求到我的服务器端点时.这些是request.headers

{
  "host": "localhost:3001",
  "connection": "keep-alive",
  "sec-ch-ua": "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"100\"",
  "accept": "application/json, text/plain, */*",
  "sec-ch-ua-mobile": "?0",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) SomeStuff",
  "sec-ch-ua-platform": "\"Windows\"",
  "origin": "http://localhost:3000",
  "sec-fetch-site": "same-site",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "http://localhost:3000/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q=0.9,fr;q=0.8,es;q=0.7,de;q=0.6",
  "cookie": "Authentication=someStuff"
}

从我的服务器响应时，这些是response.headers

{
  "cross-origin-opener-policy": "same-origin",
  "cross-origin-resource-policy": "same-origin",
  "x-dns-prefetch-control": "off",
  "expect-ct": "max-age=0",
  "x-frame-options": "SAMEORIGIN",
  "strict-transport-security": "max-age=15552000; includeSubDomains",
  "x-download-options": "noopen",
  "x-content-type-options": "nosniff",
  "origin-agent-cluster": "?1",
  "x-permitted-cross-domain-policies": "none",
  "referrer-policy": "no-referrer",
  "x-xss-protection": "0",
  "access-control-allow-origin": "http://localhost:3000",
  "vary": "Origin",
  "access-control-allow-credentials": "true",
  "x-ratelimit-limit": "30",
  "x-ratelimit-remaining": "28",
  "x-ratelimit-reset": "60"
}

这是我的浏览器控制台中的Cors错误

Access to XMLHttpRequest at 'https://example.com/' (redirected from 
'http://localhost:3001/test') from origin 'http://localhost:3000' 
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' 
header is present on the requested resource.

为了让GET请求在浏览器中被重定向，我需要更改什么？或者这是不可能的，它只需要使用window.location访问站点。

Answer 1

我知道这不是理想的解决方案，但是对于本地环境中的个人项目，我使用了“MoesifOrigin&Cors”浏览器扩展来解决这个恼人的问题。

谷歌Chrome：https://chrome.google.com/webstore/detail/moesif-origin-cors-change/digfbfaphojjndkpccljibejjbppifbc

火狐：https://addons.mozilla.org/en-US/firefox/addon/moesif-origin-cors-changer1/