使用wai-cors正确配置CORS

编程问答 2022-06-05

问题描述

我正在为Servant和CORS配置苦苦挣扎:我正在通过Servant公开API,并且我具有以下配置:

depth_first([[arad]],zerind,P,C)

当我通过Chromium执行这样的查询时(通过复制和粘贴):

-- Wai application initialization logic
initializeApplication :: IO Application
initializeApplication = do
  let frontCors = simpleCorsResourcePolicy { corsOrigins = Just ([pack "https://xxxx.cloudfront.net"],True),corsMethods = ["OPTIONS","GET","PUT","POST"],corsRequestHeaders = simpleHeaders }
  return
    $ cors (const $ Just $ frontCors)
    $ serve (Proxy @API)
    $ hoistServer (Proxy @API) toHandler server

它可以工作,但是如果我在开发者控制台中复制粘贴获取查询

curl 'https://api.xxx/' \
  -H 'Accept: application/json,text/plain,*/*' \
  -H 'Referer: https://xxx.cloudfront.net' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/86.0.4240.111 Safari/537.36' \
  -H 'Authorization: Bearer XXX==' \
  --compressed

我得到:

fetch("https://api.xxx",{
  "headers": {
    "accept": "application/json,*/*","authorization": "Bearer XXX=="
  },"referrer": "https://xxx.cloudfront.net/","referrerPolicy": "no-referrer-when-downgrade","body": null,"method": "GET","mode": "cors","credentials": "include"
});

关于此的任何提示吗?特别是为什么它在cUrl中而不在Chromium中起作用? 预先感谢。

解决方法

这是一个基本的CORS问题,实际上,发送Authorization却不包含在corsRequestHeaders中会使请求被拒绝。

我应该写:

,corsRequestHeaders = ["Authorization","Content-Type"]
corscorscorshaskellhaskellservant