我正在尝试在node.js中构建一个Web服务器,该服务器将支持跨域脚本编写,同时仍从公共目录中提供静态文件。我正在使用express.js,但不确定如何允许跨域脚本(Access- Control-Allow-Origin: *)。
Access- Control-Allow-Origin: *
var express = require('express') , app = express.createServer(); app.get('/', function (req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "X-Requested-With"); next(); }); app.configure(function () { app.use(express.methodOverride()); app.use(express.bodyParser()); app.use(app.router); }); app.configure('development', function () { app.use(express.static(__dirname + '/public')); app.use(express.errorHandler({ dumpExceptions: true, showStack: true })); }); app.configure('production', function () { var oneYear = 31557600000; // app.use(express.static(__dirname + '/public', { maxAge: oneYear })); app.use(express.static(__dirname + '/public')); app.use(express.errorHandler()); }); app.listen(8888); console.log('express running at http://localhost:%d', 8888);
查看来自enable-cors.org的示例:
在node.js上的ExpressJS应用中,对路由执行以下操作: app.all('/', function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "X-Requested-With"); next(); }); app.get('/', function(req, res, next) { // Handle the get for this route }); app.post('/', function(req, res, next) { // Handle the post for this route });
在node.js上的ExpressJS应用中,对路由执行以下操作:
app.all('/', function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "X-Requested-With"); next(); }); app.get('/', function(req, res, next) { // Handle the get for this route }); app.post('/', function(req, res, next) { // Handle the post for this route });
首次呼叫(app.all)应该在应用中的所有其他路由(或至少要启用CORS的路由)之前进行。
app.all
[编辑]
如果您还希望显示静态文件的标头,请尝试执行此操作(确保在调用之前use(express.static()):
use(express.static())
app.use(function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "X-Requested-With"); next(); });
我用您的代码对此进行了测试,并从public目录中获取了资产的标头:
public
var express = require('express') , app = express.createServer(); app.configure(function () { app.use(express.methodOverride()); app.use(express.bodyParser()); app.use(function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "X-Requested-With"); next(); }); app.use(app.router); }); app.configure('development', function () { app.use(express.static(__dirname + '/public')); app.use(express.errorHandler({ dumpExceptions: true, showStack: true })); }); app.configure('production', function () { app.use(express.static(__dirname + '/public')); app.use(express.errorHandler()); }); app.listen(8888); console.log('express running at http://localhost:%d', 8888);
当然,您可以将该功能打包到一个模块中,以便可以执行以下操作
// cors.js module.exports = function() { return function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "X-Requested-With"); next(); }; } // server.js cors = require('./cors'); app.use(cors());