Web2Py上运行的API的CORS问题

本文介绍了Web2Py上运行的API的CORS问题的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我进行了很多搜索，尽管我发现了类似的问题，但似乎我还没有找到答案，也许您可​​以帮助我。

I've searching a lot and although I found similar issues, it seems that I haven't found my answer yet and maybe you can help me.

我在我的Web2Py框架上具有以下API，并且我正在使用AngularJS前端应用程序对其进行访问，并且遇到了CORS问题（我已经在* orign或我的特定IP和端口中尝试过*，但效果不佳）。不过，它确实适用于IE，但不适用于Chrome或Mozilla。

I have the following API on my Web2Py framework and I am accessing it with a AngularJS front-end app and I am having CORS issues (I already tried * in the orign or my specific IP and port but no good results). Nevertheless, it does work with IE but not with Chrome or Mozilla.

@request.restful() def api(): def GET(): key = main() #generate random XML and returns the key response.headers['Content-Type'] = '*' response.headers['Access-Control-Allow-Origin'] = '*' response.headers['Access-Control-Max-Age'] = 86400 response.headers['Access-Control-Allow-Headers'] = '*' response.headers['Access-Control-Allow-Methods'] = '*' response.headers['Access-Control-Allow-Credentials'] = 'true' response.view = 'generic.xml' value = cb.get(key).value #get value stored into couchbase return value return dict(GET=GET)

有关前端应用程序错误的更多详细信息：

More details about the error from the front-end app:

XMLHttpRequest无法加载 http ：// my_IP：8000 / my_app / default / api / 。 对预检请求的响应未通过访问控制检查：所请求的资源上没有标头 Access-Control-Allow-Origin。因此，不允许访问来源 http：// my_IP：8080 。 响应的HTTP状态码为405。

XMLHttpRequest cannot load my_IP:8000/my_app/default/api/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'my_IP:8080' is therefore not allowed access. The response had HTTP status code 405.

从我的前端应用程序中，我确定我具有正确的功能

From my front-end app I am sure I have the right function for calling the API.

谢谢！

推荐答案

您的响应标头需要进入GET（）函数之外。

Your response headers need to go outside of the GET() function.

@request.restful() def api(): response.view = 'generic.json' response.headers["Access-Control-Allow-Origin"] = '*' response.headers['Access-Control-Max-Age'] = 86400 response.headers['Access-Control-Allow-Headers'] = '*' response.headers['Access-Control-Allow-Methods'] = '*' response.headers['Access-Control-Allow-Credentials'] = 'true' def GET(tablename, id): if not tablename == 'person': raise HTTP(400) return dict(person = db.person(id)) def POST(tablename, **fields): if not tablename == 'person': raise HTTP(400) return db.person.validate_and_insert(**fields) return locals()

web2py/books/default/chapter/29/10/services?search=restful#Low-level-API-and-other-recipes