即使我包含了所有标题也无法删除 CORS 错误

Question

我正在使用 js 客户端和服务器端 (python) 编写简单的网站，我尽一切努力消除 CORS 错误，但没有任何效果。我为此编写了所有需要的标题，但仍然出现此错误。所以网站应该向服务器发送请求并获得答案。 错误：

Access to XMLHttpRequest at 'http://127.0.0.1:8000/' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

我的文件.html：

<!DOCTYPE html>
<html>
<head>
    <title>requestJs</title>
</head>
<body>
<button class="myButton">SEND</button>
<script type="text/javascript">
let theButton = document.querySelector(".myButton");
    theButton.addEventListener('click',function() {
  const xhr = new XMLHttpRequest();

xhr.onload = function() {
 alert(`Статус: ${xhr.status}; Результат: ${xhr.response}`)
};

xhr.onerror = function() {
  alert('Ошибка запроса');
};

xhr.open("GET", "http://127.0.0.1:8000/", true);
xhr.send(2);
    })

</script>
</body>
</html>

服务器端：

import http.server as httpserver


class CORSHTTPRequestHandler(httpserver.SimpleHTTPRequestHandler):
    def send_head(self):
        """Common code for GET and HEAD commands.
        This sends the response code and MIME headers.
        Return value is either a file object (which has to be copied
        to the outputfile by the caller unless the command was HEAD,
        and must be closed by the caller under all circumstances), or
        None, in which case the caller has nothing further to do.
        """
        path = self.translate_path(self.path)
        f = None
        if os.path.isdir(path):
            if not self.path.endswith('/'):
                # redirect browser - doing basically what apache does
                self.send_response(301)
                self.send_header("Location", self.path + "/")
                self.end_headers()
                return None
            for index in "index.html", "index.html":
                index = os.path.join(path, index)
                if os.path.exists(index):
                    path = index
                    break
            else:
                return self.list_directory(path)
        ctype = self.guess_type(path)
        try:
            # Always read in binary mode. Opening files in text mode may cause
            # newline translations, making the actual size of the content
            # transmitted *less* than the content-length!
            f = open(path, 'rb')
        except IOError:
            self.send_error(404, "File not found")
            return None
        self.send_response(200)
        self.send_header("Content-type", ctype)
        fs = os.fstat(f.fileno())
        self.send_header("Content-Length", str(fs[6]))
        self.send_header("Last-Modified", self.date_time_string(fs.st_mtime))
        self.send_header("Access-Control-Allow-Origin:", "*")
        self.send_header("Access-Control-Allow-Methods:", "GET,HEAD,PUT,PATCH,POST,DELETE")
        self.send_header("Access-Control-Allow-Headers:", "Content-Type, Access-Control-Allow-Origin, xxx")
        self.end_headers()
        return f


if __name__ == "__main__":
    import os
    import socketserver

    import sys

    PORT = int(sys.argv[1]) if len(sys.argv) > 1 else 8000

    handler = CORSHTTPRequestHandler

    httpd = socketserver.TCPServer(("", PORT), handler)

    print(f"serving at port {PORT}")
    httpd.serve_forever()

请帮帮我，我的问题是什么？

Answer 1

这不是一个全面的答案，但它可能会有所帮助。

CORS 完全是一种浏览器功能。您可以在浏览器中将其关闭。因此，我建议第一步是启动一个无 CORS 的浏览器来测试您的应用程序。确保不要在此浏览器会话中打开您的银行页面，这不安全！

google-chrome --user-data-dir=/var/tmp/Chrome --disable-web-security

如果一切正常，那么问题只是 CORS。 如果你只在开发环境中运行，你甚至可以每次都这样做。 如果您在生产环境中运行，最简单的选择通常就是使用为您修复这些内容的网关。我就是这样开始工作的。

如果上述内容还不够好并且您想调试，请记住所有浏览器 CORS 请求都是由预检 OPTIONS 请求发起的。有时这就是问题所在。确保您的服务器能够处理和响应 OPTIONS，并检查它是否正确响应。