问题
I'm using expressjs and added cors validation for a all origins.
const options = {
origin: ['*'],
credentials: true,
exposedHeaders: false,
preflightContinue: false,
optionsSuccessStatus: 204,
methods: ['GET', 'POST'],
allowedHeaders: allowedHeaders,
};
module.exports = cors(options);
This is enabling one of the two CORS requests that I'm using however, One of which is a response from server and the other one is a socket.
I'm using angular observable to get the response like.
const headers = {
// Host: '',
};
return this.http.get(`${environment.BASE_URL}:${_port}`,
{ headers, observe: 'response' });
}
The request that is not a socket sends a proper response. However, the one with the socket is sending me a different object.
But I'm also getting the right response from socket if I look into the network tab.
See screenshots below.
https://prnt.sc/qlq9up (CORS Invalid)
https://prnt.sc/qlqd88 (Response Header in network Tab)
This header is retrievable if I turn on the CORSe Extension on my Firefox Browser.
EDIT:
I'm not using Socket.io but rather a Web Socket websocket = require('ws');
ANSWER : My issue was a logical error.
This wasn't exactly what solved my issue because I was using websocket and not socket.io however, this made me realize my problem, I was listening to websocket and https seperately and was able to fix this once I added the option to use cors in websocket
回答1:
my example that is working, socket are to different server
// socket.js server config,for express
const app = express();
const server = app.listen(process.env.SOCKET_PORT, function () {
console.log("Server started: http://localhost:" + process.env.SOCKET_PORT + "/");
});
app.use(function (req, res, next) {
res.setHeader(
"Access-Control-Allow-Headers",
"X-Access-Token, Content-Type, Lang, crossDomain"
);
res.setHeader(
"Access-Control-Allow-Methods",
"POST, GET, OPTIONS, PUT, DELETE"
);
res.setHeader("Access-Control-Allow-Origin", "*");
req.headers.host = req.headers["x-forwarded-host"];
res.setHeader("Cache-Control", "no-cache");
//intercepts OPTIONS method
if ('OPTIONS' === req.method) {
//respond with 200
res.sendStatus(200);
} else {
//move on
next();
}
});
const io = require('socket.io')(server, {
transports: [
// 'polling',
"websocket"
],
allowUpgrades: true,
adapter: redisAdapter({host: 'localhost', port: process.env.REDIS_PORT || '6379'}),
pingInterval: 3000,
wsEngine: 'ws'
})
also I have config inside nginx.conf
location / {
// important line
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# redirect all traffic to local port;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_read_timeout 86400;
# prevents 502 bad gateway error
proxy_buffers 8 32k;
proxy_buffer_size 64k;
reset_timedout_connection on;
//your port here
proxy_pass http://localhost:YOUR_PORT;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
来源:https://stackoverflow.com/questions/59679427/cors-validation-for-web-socket