请问跨域配置 config.security 是不是没用啊？

[j710328466]

• Node Version: 14.18.0
• Platform: macOS

// dependence
    "@midwayjs/bootstrap": "^2.3.0",
    "@midwayjs/core": "^2.3.0",
    "@midwayjs/decorator": "^2.3.0",
    "@midwayjs/swagger": "^1.1.0",
    "@midwayjs/web": "^2.3.0",
    "@midwayjs/typegoose": "^2.0.0",
    "@typegoose/typegoose": "^8.1.0",
    "mongoose": "~5.13.3",
    "axios": "^0.22.0",
    "egg": "^2.0.0",
    "egg-cors": "^2.2.3",
    "egg-scripts": "^2.10.0",
    "swagger-ui-dist": "^3.52.3"

问题描述: 测试环境通过 localhost: 3000,访问localhost:7001 提示跨域，生产环境a.xx.com访问b.xx.com 提示跨域。

已尝试按照官方给出的方案:

// config.default.ts
export const cors = {
  origin: '*',
  allowMethods: 'GET,HEAD,PUT,POST,DELETE,PATCH',
};

config.security = {
    csrf: false
  };

// src/config/plugin.ts
exports.cors = {
  enable: true,
  package: 'egg-cors',
}

** 无法解决问题！跨域依旧**

[czy88840616]

我们一般用 koa-cors..

[chenzhaozheng]

@j710328466 使用上需要调整下

`config.security = {
    csrf: {
      enable: false,
    },
    domainWhiteList: ['*'],
    xframe: {
      enable: false,
    },
  };

  config.cors = {
    credentials: true,
    allowHeaders:
      'Content-Type, Content-Length, Authorization, Accept, X-Requested-With',
    allowMethods: 'GET,HEAD,PUT,POST,DELETE,PATCH,OPTIONS',
  };

[jamespatriot]

相同的问题，还是不行。

@j710328466 使用上需要调整下

`config.security = {
    csrf: {
      enable: false,
    },
    domainWhiteList: ['*'],
    xframe: {
      enable: false,
    },
  };

  config.cors = {
    credentials: true,
    allowHeaders:
      'Content-Type, Content-Length, Authorization, Accept, X-Requested-With',
    allowMethods: 'GET,HEAD,PUT,POST,DELETE,PATCH,OPTIONS',
  };

[skypesky]

@jamespatriot

如果单纯为了跨域,可以写一个全局中间件解决,或许这个方案对你有用!

---

cors 全局中间件sample:

• 文件 src\middleware\cors.ts

// src\middleware\cors.ts
import { Provide } from '@midwayjs/decorator';
import { IWebMiddleware, IMidwayWebNext } from '@midwayjs/web';
import { Context } from 'egg';

@Provide()
export class CorsMiddleware implements IWebMiddleware {
  resolve() {
    return async (ctx: Context, next: IMidwayWebNext) => {
      // 控制器前执行的逻辑
      ctx.response.set('Access-Control-Allow-Origin', '*');
      ctx.response.set('Access-Control-Allow-Methods', 'GET,HEAD,PUT,POST,DELETE,PATCH,OPTIONS');
      // 执行下一个 Web 中间件，最后执行到控制器
      await next();
      // 控制器之后执行的逻辑
    };
  }
}

• 文件 src\config\config.default.ts

import { EggAppConfig, EggAppInfo, PowerPartial } from 'egg';

export type DefaultConfig = PowerPartial<EggAppConfig>;

export default (appInfo: EggAppInfo) => {
  const config = {} as DefaultConfig;
 
  config.keys = appInfo.name + '_1642343896580_5179';

  // 配置全局中间件
  config.middleware = [
    'corsMiddleware' 
  ];

  config.midwayFeature = {
    replaceEggLogger: true,
  };

  // config.security = {
  //   csrf: false,
  // };

  return config;
};

---

midway 中间件文档: https://www.midwayjs.org/docs/2.0.0/web_middleware

[skypesky]

@czy88840616 我在安装 egg-cors 报错了,以下是错误详情:

E:\workSpace\demos\midway-web-demo>npm install --save egg-cors
npm WARN ERESOLVE overriding peer dependency
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/egg-bin/node_modules/mocha
npm WARN   mocha@"^6.0.2" from [email protected]
npm WARN   node_modules/egg-bin
npm WARN     dev egg-bin@"^4.10.0" from @eggjs/[email protected]
npm WARN     node_modules/_@[email protected]@@eggjs/router
npm WARN     2 more (midway-bin, midway-bin)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer mocha@">=1.18 <6" from [email protected]
npm WARN node_modules/egg-bin/node_modules/co-mocha
npm WARN   co-mocha@"^1.2.2" from [email protected]
npm WARN   node_modules/egg-bin
npm WARN
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/mocha
npm WARN   peer mocha@">=1.18 <6" from [email protected]
npm WARN   node_modules/egg-bin/node_modules/co-mocha
npm WARN     co-mocha@"^1.2.2" from [email protected]
npm WARN     node_modules/egg-bin
npm ERR! code ETARGET
npm ERR! notarget No matching version found for @jest/test-utils@^26.6.2.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\Administrator\AppData\Local\npm-cache\_logs\2022-01-21T16_17_41_090Z-debug-0.log

[czy88840616]

@skypesky egg里的依赖太老，你可以用npm i xxx --force 强制安装最新

[skypesky]

@czy88840616 感谢老哥! 使用 npm i xxx --force 不知道怎么回事依然报错,我重新删掉了 node_modules ,再重新 npm install,安装 egg-cors 没报错了!

[skypesky]

@czy88840616 关于提示跨域的这个错误可以复现(我试过了这个issue中提到的解决方案, 但是都失败了),也许是 egg-cors 一个bug. 我去看了一下, egg-cors 是不再维护了吗?

[czy88840616]

egg 的库是否废弃我们无从知晓，也正因为如此，从 v3 开始，我们开始维护 midway 自己的组件生态体系，后面会有 @midwayjs/cross-domain 才承载跨域的能力。

[skypesky]

@czy88840616 了解!

[huihuicn]

最方便用nginx做个方向代理

[github-actions[bot]]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.