CORS errors in pouchdb

CORS errors in pouchdb

本文关键字:pouchdb in errors CORS      更新时间:2023-09-26

我在Firefox和Chrome中得到CORS错误,但在cURL中没有。这是cURL:

curl -H "Origin: http://mymachine:8080" https://wamoyo.cloudant.com/simpsons -v

这是我的命令,下面是输出:

* Hostname was NOT found in DNS cache
*   Trying 184.173.163.133...
* Connected to wamoyo.cloudant.com (184.173.163.133) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*    subject: C=US; ST=Massachusetts; L=Boston; O=Cloudant, Inc.; OU=Engineering; CN=*.cloudant.com
*    start date: 2013-01-29 00:00:00 GMT
*    expire date: 2016-02-19 12:00:00 GMT
*    subjectAltName: wamoyo.cloudant.com matched
*    issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert High Assurance CA-3
*    SSL certificate verify ok.
> GET /simpsons HTTP/1.1
> User-Agent: curl/7.35.0
> Host: wamoyo.cloudant.com
> Accept: */*
> Origin: http://mymachine:8080
> 
< HTTP/1.1 200 OK
< X-Couch-Request-ID: 1efb92f7dd
* Server CouchDB/1.0.2 (Erlang OTP/R14B) is not blacklisted
< Server: CouchDB/1.0.2 (Erlang OTP/R14B)
< Date: Wed, 09 Jul 2014 18:25:37 GMT
< Content-Type: text/plain;charset=utf-8
< Content-Length: 362
< Cache-Control: must-revalidate
< Access-Control-Expose-Headers: content-type, accept-ranges, etag, server, x-couch-request-id, x-couch-update-newrev

重要的是:

< Access-Control-Allow-Origin: http://mymachine:8080
< Access-Control-Allow-Credentials: true
< 
{"update_seq":"34-g1AAAADreJzLYWBgYMlgTmFQTElKzi9KdUhJMtPLzc_PK87IzEvVS87JL01JzCvRy0styQEqZUpkSLL___9_ViI_qiZjfJqSHIBkUj1YH5plRvj05bEASYYGIAXUuj8rkQtVrylhvQcgeoH2smYBAApoT3A","db_name":"simpsons","purge_seq":0,"other":{"data_size":593},"doc_del_count":0,"doc_count":6,"disk_size":750276,"disk_format_version":5,"compact_running":false,"instance_start_time":"0"}
* Connection #0 to host wamoyo.cloudant.com left intact

好了,现在浏览器仍然返回这个错误:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://wamoyo.cloudant.com/simpsons/_changes?timeout=25000&style=all_docs&feed=longpoll&since=35-g1AAAAEjeJzLYWBgYMlgTmFQTElKzi9KdUhJMtPLzc_PK87IzEvVS87JL01JzCvRy0styQEqZUpkSLL___9_VgZTIn8uUIA9zcQ81cgkCdUIY3xGJDkAyaR6qCmsEFOMkxMTUy1RTTHCZ0oeC5BkaABSQIP2g0ziApuUYpJmZmZqjmqSKWGTDkBMQnKTuVFymoFxUhYAK3pbEA&limit=25&_nonce=7YzIfmsBHKTHaGPq. This can be fixed by moving the resource to the same domain or enabling CORS.

当我运行包的同步或复制功能。

PouchDB.sync('https://wamoyo.cloudant.com/simpsons/', 'simpsons', {live: true})
  .on('change', onChange)
  .on('complete', onComplete)
  .on('error', onError);
function onChange (info) {
  alert('onChange running');
}
function onComplete (info) {
  alert('onComplete running');
}
function onError (err) {
  alert('onError ' + err);
}

CORS仅适用于浏览器上下文中。因此,要使它与PouchDB一起工作,您必须设置CouchDB CORS Headers以允许从任何域访问它。

CORS是一个仅适用于浏览器的安全特性。浏览器试图保护用户免受网站的攻击,否则网站可能会向其他域发出AJAX请求。

例如:当你在stackoverflow.com,如果它试图使一个AJAX请求mail.google.com,那么你的浏览器有理由相信这可能是不允许的mail.google.com。因此,它要求mail.google.com通过一个OPTIONS请求来告诉stackoverflow.com是否被列入白名单以发出特定的请求。如果是,则浏览器允许实际的请求。否则,它会将其作为错误阻止。

现在,就curl或任何其他非浏览器请求工具而言,它们的工作方式不同。他们是你的代表,因此我们假定你不会对自己做错什么。

相关文章: