当前位置：文江博客话题详情

API调用的Angular HttpClient CORS错误

发布于 2025-02-10 19:01:05 字数 1232 浏览 1 评论 0原文

我正在与Angular创建一个基于Web的平台，该平台与Magic Eden API交互（文档： https：//api.magiceden> .dev/）。

请记住，这不是我的API，我只是从我的前端打电话。

当我通过Angular HTTP客户端向API拨打API时，我会出现A CORS错误，指出“在请求的资源上不存在'访问访问控制 - 允许孔'标头。”

cors错误

但是，当我通过Postman进行呼叫时，它可以正常工作，没有任何问题。

我尝试在以下两种方式中添加“访问控制 - 允许孔”标头：

1）

headers = new HttpHeaders().set('Access-Control-Allow-Origin', '**');

getListings(symbol: string)
{
    return this.http.get('https://api-mainnet.magiceden.dev/v2/collections/aos/listings?offset=0&limit=18', {headers: httpOptions.headers});
}

const httpOptions = {
  headers: new HttpHeaders ({
    "Access-Control-Allow-Origin": "**"
  })
}

getListings(symbol: string)
  {
    return this.http.get('https://api-mainnet.magiceden.dev/v2/collections/aos/listings?offset=0&limit=18', httpOptions);
  }

我还尝试将Access-Control-Allow-Origin设置为“*”和“ **”，该Origin不起作用。

我还尝试使用Axiom而不是Angular HTTPClient进行呼叫，但我仍然会遇到相同的错误。

有人知道如何处理吗？任何帮助将不胜感激！

原文

I'm creating a web based platform with Angular that interacts with the Magic Eden API (documentation: https://api.magiceden.dev/).

Please keep in mind this is not my API, I'm merely making calls to it from my front end.

When I make API calls to the API through the Angular HTTP Client I get the a CORS error stating "No 'Access-Control-Allow-Origin' header is present on the requested resource."

CORS Error

However, when I make the calls through Postman it works without any issue.

I have tried adding the 'Access-Control-Allow-Origin' header in the following 2 ways:

headers = new HttpHeaders().set('Access-Control-Allow-Origin', '**');

getListings(symbol: string)
{
    return this.http.get('https://api-mainnet.magiceden.dev/v2/collections/aos/listings?offset=0&limit=18', {headers: httpOptions.headers});
}

const httpOptions = {
  headers: new HttpHeaders ({
    "Access-Control-Allow-Origin": "**"
  })
}

getListings(symbol: string)
  {
    return this.http.get('https://api-mainnet.magiceden.dev/v2/collections/aos/listings?offset=0&limit=18', httpOptions);
  }

I have also tried setting the Access-Control-Allow-Origin to "*" and "**" which didn't work.

I also tried making the calls with Axiom instead of the Angular HttpClient and I still get the same error.

Does anyone know how to approach this?
Any assistance would be appreciated!

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

把时间冻结 2025-02-17 19:01:05

尝试在其他端口上运行该应用

回复收藏 0 原文

桃扇骨 2025-02-17 19:01:05

为了理解CORS错误，让我们阅读 wikipedia /strong>：

交叉原始资源共享（CORS）是一种机制，允许从提供第一个资源的域之外的另一个域中请求网页上的限制资源。
网页可以免费嵌入交叉原始图像，样式表，脚本，iframe和视频。默认情况下，相同的原始安全策略禁止某些“跨域”请求，尤其是AJAX请求。 ** CORS定义了浏览器和服务器可以进行交互的方式，以确定是否允许交叉原始请求安全。它允许比纯粹的孤子请求更多的自由和功能，但是比简单允许所有交叉原始请求更安全。

简单单词的技术步骤：

客户端（网页）尝试调用服务器端（API）。
服务器检查请求是否具有访问他的许可，如果没有，他会阻止客户端。
由于服务器块，客户端会出现CORS错误。

为了允许客户端访问服务器端，您应该在服务器端启用交叉原始权限。

如果您不能在服务器端添加CORS权限，因为您不是API的所有者，并且不能要求API的所有者将您的站点添加到CORS中，则可以制作自己的服务器代理（例如构建.NET Core Core Backend应用等...）。

在您的后端应用中添加CORS定义。

在.NET Core 6：
请参阅此如何在asp.net core中启用cors 以获取更多示例。

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddCors(options =>
{
    options.AddPolicy(name: MyAllowSpecificOrigins,
                      builder =>
                      {
                          builder.WithOrigins("http://example.com",
                                              "http://www.contoso.com");
                      });
});

将API调用添加到后端代理中的外部API。
您的后端应用程序将是客户端和外部API之间的中介。客户将致电您的代理，代理将调用外部API。

In order to understand CORS errors, lets read what wikipedia writes about CORS:

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.
A web page may freely embed cross-origin images, stylesheets, scripts, iframes, and videos. Certain "cross-domain" requests, notably Ajax requests, are forbidden by default by the same-origin security policy. **CORS defines a way in which a browser and server can interact to determine whether it is safe to allow the cross-origin request. It allows for more freedom and functionality than purely same-origin requests, but is more secure than simply allowing all cross-origin requests.

The technical steps in simple words:

The client side (a web page) try to call the server side (API).
The server check if the request has a permition to access him, and if not he block the client.
The client get CORS error because of the server block.

In order to allow the client accessing the server side you should enable a cross-origin permition in the server side.

If you cant add a CORS permition in the server side because you are not the owner of the API and you cant ask the API's owner to add your site to CORS, you can make your own server proxy, (like build a .Net Core backend app etc...).

Add CORS definitions in your backend app.

In .NET Core 6:
See this How to enable CORS in ASP.NET Core for more samples.

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddCors(options =>
{
    options.AddPolicy(name: MyAllowSpecificOrigins,
                      builder =>
                      {
                          builder.WithOrigins("http://example.com",
                                              "http://www.contoso.com");
                      });
});

Add API calls to the external API in the backend proxy.
Your backend app will be the mediator between the client and the external API. the client will call your proxy, and the proxy will call the external API.

回复收藏 0 原文

~没有更多了~