front-end error
has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
What is CORS
The full name of CORS is Cross-Origin Resource Sharing (Cross-Origin Resource Sharing) is a way of AJAX cross-origin request resources
Solution
1. Solve cross-domain problems in vue development stage
Development stage: in vue.config.js
module.exports = {
dev: {
assetsSubDirectory: 'static',
assetsPublicPath: '/',
proxyTable: {
// 配置跨域
'/api':{
target:`http://www.baidu.com`, //请求后台接口
changeOrigin:true, // 允许跨域
pathRewrite:{
'^/api' : '' // 重写请求
}
}
},
}
2. JSONP solution
Jsonp (JSON with Padding) A "use mode" of json that allows web pages to obtain data from other domain names (websites), that is, to read data across domains.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<div id="textID"></div>
<script type="text/javascript">
/**
* 实现jsonp
* 1.创建script的标签
* 2.拼接 url
* 3.赋值url
* 4.放入头部
*/
function text_jsonp(req){
var script = document.createElement('script');
var url = req.url + '?callback=' + req.callback.name;
script.src = url;
document.getElementsByTagName('head')[0].appendChild(script);
}
</script>
</body>
</html>
3. CORS (Cross-Origin Resource Sharing)
CORS is cross-origin resource sharing (Cross-Origin Resource Sharing), which uses ajax to request resources across domains. It supports modern browsers and IE supports more than 10. In a CORS request, the header information contains the following three fields:
- Access-Control-Allow-Origin : This field is required. Its value is either the value of the Origin field at the time of the request, or a *, indicating that requests for any domain name are accepted;
- Access-Control-Allow-Credentials : Optional, the value is a boolean value, indicating whether to allow cookies to be sent. By default, cookies are not included in CORS requests. If set to true, it means that the server explicitly allows the cookie to be included in the request and sent to the server together. This value can also only be set to true.
如果要发送Cookie,Access-Control-Allow-Origin必须为指定明确的、与请求网页一致的域名
; - Access-Control-Expose-Headers : Optional.
XMLHttpRequest
The method of the object during CORS requestgetResponseHeader()
can only get 6 basic fields:Cache-Control、Content-Language、Content-Type、Expires、Last-Modified、Pragma
. If you want to get other fields, you must specify them in Access-Control-Expose-Headers.
For a detailed explanation, please see: CORS Detailed Explanation
Fourth, iframe realizes cross-domain
iframe(src){
//数组
if(Array.isArray(src)){
this.docs.visible = true;
}else{
this.docs.visible = false;
}
this.link = src
if(this.docs.visible == false){
if(this.$refs['ruleIframe'] && this.$refs['ruleIframe'].querySelector('iframe')){
this.$refs['ruleIframe'].querySelector('iframe').remove() //删除自身
}
var iframe = document.createElement('iframe');
iframe.width = '100%';
iframe.height = '100%';
iframe.setAttribute('frameborder','0')
iframe.src = src;
this.append(iframe)
}
},
//创建元素 防止 获取不到 ruleIframe 递归
append(iframe){
if(this.$refs['ruleIframe']){
this.$refs['ruleIframe'].appendChild(iframe);
return
}
setTimeout(()=>{
this.append(iframe);
},500)
}