【发布时间】:2021-09-02 10:44:29
【问题描述】:
我正在尝试在 NestJS 中设置响应标头,但不断收到以下错误:
跨域请求被阻止:同源策略不允许读取位于https://companyName.okta.com/app/companyName_imentorlocalhost_1/exk1hp5ht4vrEzqGg0h8/sso/saml?SAMLRequest=nVPLct.. 的远程资源。 (原因:CORS 标头“Access-Control-Allow-Origin”缺失)。
我尝试在控制器中设置标题,但没有成功:
auth.controller:
@UseGuards(SamlAuthGuard)
@Header('Access-Control-Allow-Origin', '*')
@Get('box-utility-service/auth/login')
login(@Request() req): any {}
@UseGuards(SamlAuthGuard)
@Header('Access-Control-Allow-Origin', '*')
@Post('imentor-service/login/callback')
oktaCallback (@Request() req, @Response() res: Response): any {
return this.authService.login(req);
}
还尝试在拦截器中设置标头。也没有用:
header.interceptor.ts:
@Injectable()
export class HeaderInterceptor implements NestInterceptor {
intercept(context: ExecutionContext, next: CallHandler): Observable<any> {
return next.handle().pipe(
tap(() => {
const res = context.switchToHttp().getResponse();
res.setHeader('Access-Control-Allow-Origin', '*');
})
)
}
}
这是我的main.ts,我在其中启用了 CORS:
async function bootstrap() {
const app = await NestFactory.create(AppModule);
app.use(
session({
secret: 'my-secret',
resave: false,
saveUninitialized: false
}),
);
app.enableCors({
allowedHeaders: [ 'Accept', 'Accept-Version', 'Content-Type', 'Api-Version', 'Origin', 'X-Requested-With',
'Authorization' ],
origin: [ 'https://companyName.okta.com', 'http://localhost:4200', 'http://localhost' ],
credentials: true,
exposedHeaders: [ 'API-Token-Expiry' ]
});
app.useGlobalInterceptors(new HeaderInterceptor());
await app.listen(3000);
}
bootstrap();
这是我的saml-strategy.ts 文件,我将Passport 策略定义为SAML:
import { Injectable } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { AuthService } from './auth.service';
const nconf = require('nconf');
import { get } from 'lodash';
const SamlStrategy = require('passport-saml').Strategy;
import { UsersService } from '../users/users.service';
@Injectable()
export class Saml2Strategy extends PassportStrategy(SamlStrategy, 'saml') {
users = [];
constructor(
private authService: AuthService,
private usersService: UsersService
) {
super({
issuer: nconf.get('saml:issuer'),
path: nconf.get('saml:path'),
entryPoint: nconf.get('saml:entryPoint'),
cert: nconf.get('saml:cert')
});
}
async validate(payload: any) {
const oeid = payload.nameID;
let user;
if (oeid) {
try {
let userADData = await this.authService.validateUser(oeid);
userADData = get(userADData, 'data.data[0]');
if (userADData) {
user = await this.usersService.findOrCreate(userADData);
}
return user;
} catch (err) {
return err;
}
}
}
}
知道发生了什么吗?谢谢。
【问题讨论】:
-
也许这有帮助? docs.nestjs.com/security/cors
-
@MikeOne 谢谢。是的,这就是我在项目中设置它的方法,并根据github.com/expressjs/cors#configuration-options 在上面的
main.ts中将一些options传递给app.enableCors。虽然我一定是错过了什么。
标签: javascript angular nestjs saml nestjs-passport