问题
Fairly new to Node and Express. I have a sails.js app that relies on knowing the origin of a request as I need to authenticate the request is coming from a domain that is registered.
I've seen in the logs that the origin is empty occasionally, why would this be happening? Is it not a good idea to rely on the origin property, is there another option?
Thanks
回答1:
The origin may be hidden if the user comes from an ssl encrypted website.
Also: Some browser extensions remove origin and referer from the http-request headers, and therefore the origin property will be empty.
You might want to create some sort of authentication token and pass it as a parameter, instead on relying on request headers. Especially since the headers can be faked/manipulated.
回答2:
Try with this:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", req.header('origin'));
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
res.header("Access-Control-Allow-Credentials","true");
next();
});
来源:https://stackoverflow.com/questions/29531521/req-headers-origin-is-undefined