如何解决Netlify和Heroku上的CORS头问题

hi3rlvi2  于 2023-05-29  发布在  其他
关注(0)|答案(1)|浏览(154)

Flutter Django应用程序托管在Netlify和Heroku上。当用户尝试登录时,显示以下错误消息:Access to XMLHttpRequest at [heroku url] from origin [netlify url] has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.在Django设置中,我有以下内容:

#settings.py

INSTALLED_APPS = [
    # other apps
    'corsheaders',
]

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    # other middlewares
]

CORS_ORIGIN_ALLOW_ALL = False

CORS_ORIGIN_WHITELIST = [
    [netlify url],
    [heroku url],

]

在netlify上,我做了以下补充:_headers.toml,并在build命令中添加了_headers:

Build Command: 
if [ -d "flutter" ]; then cd flutter && git pull && cd ..; else git clone https://github.com/flutter/flutter.git; fi; flutter/bin/flutter build web; cp _headers build/web/

#_headers
/*
  Access-Control-Allow-Origin: *

#netlify.toml
[[headers]]
  for = "/*"  # Match all paths
  [headers.values]
    Access-Control-Allow-Origin = "*"  # or specify your allowed domains here
    Access-Control-Allow-Headers = "Origin, X-Requested-With, Content-Type, Accept"
    Access-Control-Allow-Methods = "GET, POST, PUT, DELETE, OPTIONS"

我已经联系了Netlify支持,他们说:“据我所知,无论您连接到什么API,都不会发送该响应:
没有访问控制头。由于Netlify不提供此服务(如您所见,服务器是gunicorn),因此我们无法帮助您。
我有一个heroku配置vars,其中的ALLOWED_HOSTS设置为允许访问netlify。我不知道我还能做什么来解决这个问题。任何想法?任何帮助是非常感谢!

1wnzp6jl

1wnzp6jl1#

我不能100%确定这是否能解决你的问题,但在我的一个Netlify项目中,我在根目录下有一个名为_headers的文件,内容如下:

/*
  Access-Control-Allow-Origin: *

以下是Netlify文档的链接,其中提供了更多详细信息:https://docs.netlify.com/routing/headers/

相关问题