问题
My project is running on Node with an Express backend.
I'm trying to query my Arango database clientside with Arangojs. ArangoDB is running on Docker on Digital Ocean. I have no issues querying my database serverside, however I get the following error on page load:
Failed to load http://0.0.0.0:8529/_db/database/_api/cursor: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is 'false' which must be 'true' when the request's credentials mode is 'include'. Origin 'http://localhost:3000' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
My code on the clientside js looks like this:
var db = new arangojs.Database({url:'http://0.0.0.0:8529'})
db.useDatabase(dbase)
db.useBasicAuth("database", 'password')
db.query('FOR doc IN docs RETURN doc') // etc. etc.
EDIT: 1 year later in hindsight this question is pretty silly - The correct answer for this is don't expose your database credentials through clientside JS... Communicate with your backend, and have that communicate with your datastore.
回答1:
You are configuring cors() wrong, you have to use credentials property in order to configure Access-Control-Allow-Credentials:
var cors = require('cors');
var corsOptions = {
origin: '*',
credentials: true };
app.use(cors(corsOptions));
Besides that, your app.all(* ... isnt necessary because app.use(cors(corsOptions)); will already handle it for you.
回答2:
You must set origin with a "trusted" URL or an array of "trusted" URLs, each with protocol + domain + port when, you configure cors with credentials. origin : '*' is blocked, because using credentials for every origin is too permissive. It is like not using credentials at all.
来源:https://stackoverflow.com/questions/49189058/cors-allow-credentials-nodejs-express