问题描述
我正在为Servant和CORS配置苦苦挣扎:我正在通过Servant公开API,并且我具有以下配置:
depth_first([[arad]],zerind,P,C)
当我通过Chromium执行这样的查询时(通过复制和粘贴):
-- Wai application initialization logic
initializeApplication :: IO Application
initializeApplication = do
let frontCors = simpleCorsResourcePolicy { corsOrigins = Just ([pack "https://xxxx.cloudfront.net"],True),corsMethods = ["OPTIONS","GET","PUT","POST"],corsRequestHeaders = simpleHeaders }
return
$ cors (const $ Just $ frontCors)
$ serve (Proxy @API)
$ hoistServer (Proxy @API) toHandler server
curl 'https://api.xxx/' \
-H 'Accept: application/json,text/plain,*/*' \
-H 'Referer: https://xxx.cloudfront.net' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/86.0.4240.111 Safari/537.36' \
-H 'Authorization: Bearer XXX==' \
--compressed
我得到:
fetch("https://api.xxx",{
"headers": {
"accept": "application/json,*/*","authorization": "Bearer XXX=="
},"referrer": "https://xxx.cloudfront.net/","referrerPolicy": "no-referrer-when-downgrade","body": null,"method": "GET","mode": "cors","credentials": "include"
});
关于此的任何提示吗?特别是为什么它在cUrl中而不在Chromium中起作用? 预先感谢。
解决方法
这是一个基本的CORS问题,实际上,发送Authorization
却不包含在corsRequestHeaders
中会使请求被拒绝。
我应该写:
,corsRequestHeaders = ["Authorization","Content-Type"]