javascript 如何在Cloudflare Workers中设置CORS?

qcbq4gxm  于 2023-04-19  发布在  Java
关注(0)|答案(5)|浏览(134)

我是Cloudflare Workers的新手。
如何在Cloudflare Workers中设置CORS?

response = await cache.match(cacheKey);
  if (!response) {
    // handle fetch data and cache
  }
  const myHeaders = new Headers();
  myHeaders.set("Access-Control-Allow-Origin", event.request.headers.get("Origin"));
  return new Response(JSON.stringify({
    response
  }), {
    status: 200, headers: myHeaders
  });
JavaScript

5条答案

按热度按时间
f2uvfpb9

f2uvfpb91#

其实挺痛苦的,有一个sample from Cloudflare,但是不能直接用,最近终于弄出来了,把详细步骤都放到了一个blog post里面。
下面是工人的完整代码。

// Reference: https://developers.cloudflare.com/workers/examples/cors-header-proxy
const corsHeaders = {
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Methods": "GET,HEAD,POST,OPTIONS",
        "Access-Control-Max-Age": "86400",
}
function handleOptions (request) {
        // Make sure the necessary headers are present
        // for this to be a valid pre-flight request
        let headers = request.headers
        if (
                headers.get("Origin") !== null &&
                headers.get("Access-Control-Request-Method") !== null &&
                headers.get("Access-Control-Request-Headers") !== null
        ) {
                // Handle CORS pre-flight request.
                // If you want to check or reject the requested method + headers
                // you can do that here.
                let respHeaders = {
                        ...corsHeaders,
                        // Allow all future content Request headers to go back to browser
                        // such as Authorization (Bearer) or X-Client-Name-Version
                        "Access-Control-Allow-Headers": request.headers.get("Access-Control-Request-Headers"),
                }
                return new Response(null, {
                        headers: respHeaders,
                })
        }
        else {
                // Handle standard OPTIONS request.
                // If you want to allow other HTTP Methods, you can do that here.
                return new Response(null, {
                        headers: {
                                Allow: "GET, HEAD, POST, OPTIONS",
                        },
                })
        }
}
async function handleRequest (request) {
        let response
        if (request.method === "OPTIONS") {
                response = handleOptions(request)
        }
        else {
                response = await fetch(request)
                response = new Response(response.body, response)
                response.headers.set("Access-Control-Allow-Origin", "*")
                response.headers.set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
        }
        return response
}
addEventListener("fetch", (event) => {
        event.respondWith(
                handleRequest(event.request).catch(
                        (err) => new Response(err.stack, { status: 500 })
                )
        );
});
赞(0)分享  回复(0)举报  2023-04-19
li9yvcax

li9yvcax2#

你的代码没有设置Content-Type头。你应该使用myHeaders.set()设置它,或者使用原始的响应头,而不是创建一个空的headers对象:

response = await cache.match(cacheKey);
if (!response) {
    // handle fetch data and cache
}
const myHeaders = new Headers(response.headers);
myHeaders.set("Access-Control-Allow-Origin", event.request.headers.get("Origin"));

我也在质疑你为什么要在响应上使用JSON.stringify。我认为你想要的是这样的:

return new Response(response.body, {status: 200, headers: myHeaders});
赞(0)分享  回复(0)举报  2023-04-19
46scxncf

46scxncf3#

下面是它如何工作的。我使用的是Itty Router,但这应该对一个普通的工人也一样。

router.get("/data", async (request) => {
  const corsHeaders = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "GET, OPTIONS",
    "Access-Control-Allow-Headers": "*",
  };
  if (request.method.toLowerCase() === "options") {
    return new Response("ok", {
      headers: corsHeaders,
    });
  }
  try {
    const data = await getData();
    return new Response(data, {
      headers: {
        "Content-Type": "application/json",
// don't forget this.👇🏻 You also need to send back the headers with the actual response
        ...corsHeaders,
      },
    });
  } catch (error) {}

  return new Response(JSON.stringify([]), {
    headers: corsHeaders,
  });
});

感谢这个免费的蛋头视频Add CORS Headers to a Third Party API Response in a Workers API

赞(0)分享  回复(0)举报  2023-04-19
4uqofj5v

4uqofj5v4#

Anurag's answer帮我完成了90%的工作,谢谢你。我也在使用itty-router,这是我必须添加的内容。
我创建了一个简单的preflight中间件:

const corsHeaders = {
  'Access-Control-Allow-Headers': '*',
  'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
  'Access-Control-Allow-Origin': '*',
};

export const withCorsPreflight = (request: Request) => {
  if (request.method.toLowerCase() === 'options') {
    return new Response('ok', {
      headers: corsHeaders,
    });
  }
};

然后我把它添加到每一条路线上。

router.all('*', withCorsPreflight);
router.get('/api/another-route', handler);

希望这有帮助!

赞(0)分享  回复(0)举报  2023-04-19
vcirk6k6

vcirk6k65#

这是“cloudflare worker cors error”的最高Google结果。
这里有一个超级简单的方法来设置正确的标题。
你可以像这样调用Cloudflare函数:

async function callCloudflareWorker(parameter) {
    const workerUrl = `https://name.account.workers.dev/`; // Replace  with your actual worker URL
    const response = await fetch(workerUrl, {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
        },
        body: JSON.stringify({ parameter }),
    });

    if (!response.ok) {
        throw new Error(`Error calling Cloudflare Worker: ${response.statusText}`);
    }

    const data = await response.json();
    return data;
}

这将向服务器发送一个请求。因为它来自浏览器,服务器需要发送一个竖起大拇指,是的,这是允许的。
你的Cloudflare worker看起来像这样:

addEventListener('fetch', (event) => {
  event.respondWith(handleRequest(event.request));
});

const corsHeaders = {
  'Access-Control-Allow-Headers': '*', // What headers are allowed. * is wildcard. Instead of using '*', you can specify a list of specific headers that are allowed, such as: Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Authorization.
  'Access-Control-Allow-Methods': 'POST', // Allowed methods. Others could be GET, PUT, DELETE etc.
  'Access-Control-Allow-Origin': '*', // This is URLs that are allowed to access the server. * is the wildcard character meaning any URL can.
}

async function handleRequest(request) {
  if (request.method === "OPTIONS") {
    return new Response("OK", {
      headers: corsHeaders
    });
  } else if (request.method === 'POST') {
    return doTheWork(request);
  } else if (request.method === 'GET') {
    return doTheWork(request);
  } else {
    return new Response("Method not allowed", {
      status: 405,
      headers: corsHeaders
    });
  }
}

async function doTheWork(request) {
  // Parse the request body to get the parameters
  const requestBody = await request.json();
  let parameter = requestBody.parameter;

  //do the work here
  let results = //What your worker does

  return new Response(JSON.stringify(results), {
    headers: {
      'Content-type': 'application/json',
      ...corsHeaders //uses the spread operator to include the CORS headers.
    }
  });
}

注意你是如何在响应中包含头信息的,这就像浏览器和服务器握手一样,是的,这种交互是可以的。
当然,使用 * 字符有问题,做一些研究,以确保你知道你在做什么,如果你正在设置和使用cookie等。
但这应该有助于新手,比如能够从前端使用Cloudflare工作人员。

赞(0)分享  回复(0)举报  2023-04-19
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com