【问题标题】:CORS errors in pouchdbpouchdb 中的 CORS 错误
【发布时间】:2014-08-30 22:16:52
【问题描述】:

我在 Firefox 和 Chrome 中遇到了 CORS 错误,但在 cURL 中没有。这是我的 cURL:

curl -H "Origin: http://mymachine:8080" https://wamoyo.cloudant.com/simpsons -v

这是我的命令,这是输出:

* Hostname was NOT found in DNS cache
*   Trying 184.173.163.133...
* Connected to wamoyo.cloudant.com (184.173.163.133) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*    subject: C=US; ST=Massachusetts; L=Boston; O=Cloudant, Inc.; OU=Engineering; CN=*.cloudant.com
*    start date: 2013-01-29 00:00:00 GMT
*    expire date: 2016-02-19 12:00:00 GMT
*    subjectAltName: wamoyo.cloudant.com matched
*    issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert High Assurance CA-3
*    SSL certificate verify ok.
> GET /simpsons HTTP/1.1
> User-Agent: curl/7.35.0
> Host: wamoyo.cloudant.com
> Accept: */*
> Origin: http://mymachine:8080
> 
< HTTP/1.1 200 OK
< X-Couch-Request-ID: 1efb92f7dd
* Server CouchDB/1.0.2 (Erlang OTP/R14B) is not blacklisted
< Server: CouchDB/1.0.2 (Erlang OTP/R14B)
< Date: Wed, 09 Jul 2014 18:25:37 GMT
< Content-Type: text/plain;charset=utf-8
< Content-Length: 362
< Cache-Control: must-revalidate
< Access-Control-Expose-Headers: content-type, accept-ranges, etag, server, x-couch-request-id, x-couch-update-newrev

这是重要的一点:

< Access-Control-Allow-Origin: http://mymachine:8080

< Access-Control-Allow-Credentials: true
< 
{"update_seq":"34-g1AAAADreJzLYWBgYMlgTmFQTElKzi9KdUhJMtPLzc_PK87IzEvVS87JL01JzCvRy0styQEqZUpkSLL___9_ViI_qiZjfJqSHIBkUj1YH5plRvj05bEASYYGIAXUuj8rkQtVrylhvQcgeoH2smYBAApoT3A","db_name":"simpsons","purge_seq":0,"other":{"data_size":593},"doc_del_count":0,"doc_count":6,"disk_size":750276,"disk_format_version":5,"compact_running":false,"instance_start_time":"0"}
* Connection #0 to host wamoyo.cloudant.com left intact

好的,现在浏览器,仍然返回这个错误:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://wamoyo.cloudant.com/simpsons/_changes?timeout=25000&style=all_docs&feed=longpoll&since=35-g1AAAAEjeJzLYWBgYMlgTmFQTElKzi9KdUhJMtPLzc_PK87IzEvVS87JL01JzCvRy0styQEqZUpkSLL___9_VgZTIn8uUIA9zcQ81cgkCdUIY3xGJDkAyaR6qCmsEFOMkxMTUy1RTTHCZ0oeC5BkaABSQIP2g0ziApuUYpJmZmZqjmqSKWGTDkBMQnKTuVFymoFxUhYAK3pbEA&limit=25&_nonce=7YzIfmsBHKTHaGPq. This can be fixed by moving the resource to the same domain or enabling CORS.

当我运行 PouchDB 的同步或复制功能时。

PouchDB.sync('https://wamoyo.cloudant.com/simpsons/', 'simpsons', {live: true})
  .on('change', onChange)
  .on('complete', onComplete)
  .on('error', onError);

function onChange (info) {
  alert('onChange running');
}
function onComplete (info) {
  alert('onComplete running');
}
function onError (err) {
  alert('onError ' + err);
}

【问题讨论】:

    标签: javascript couchdb sync pouchdb


    【解决方案1】:

    CORS 仅适用于浏览器上下文。因此,要使其与 PouchDB 一起使用,您必须将 CouchDB CORS Headers 设置为允许您从任何域访问它。

    CORS 是一项仅适用于浏览器的安全功能。浏览器试图保护用户免受网站的影响,否则可能会向其他域发出 AJAX 请求。

    例如:当您在 stackoverflow.com 上时,如果它尝试向 mail.google.com 发出 AJAX 请求,那么您的浏览器有理由相信 mail.google.com 可能不允许这样做。因此,它通过 OPTIONS 请求询问 mail.google.com,以判断 stackoverflow.com 是否被列入白名单以发出该特定请求。如果是,则浏览器允许实际请求。否则,它将作为错误阻止。

    现在,就 curl 或任何其他非浏览器请求工具而言,它们的工作方式不同。他们是您的代表,因此假定您不会对自己做任何错事。

    【讨论】:

      猜你喜欢
      • 2015-07-21
      • 1970-01-01
      • 1970-01-01
      • 2017-01-24
      • 2016-04-20
      • 1970-01-01
      • 2017-10-07
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多