0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

Error: No 'Access-Control-Allow-Origin' when make Facebook instant games

Last updated at Posted at 2018-08-10

Vấn đề

Reactjs app được viết cho nền tảng facebook instant games và được host bởi Facebook content hosting

Vấn đề là khi app gọi api thì bị lỗi: Error: No 'Access-Control-Allow-Origin' vì vấn đề Cross-Origin Resource Sharing (CORS)

Mô hình ứng dụng như sau:
Client -> Reactjs app (hosted on facebook domain) -> call api.mydomain.com -> CORS Error.

Giải quyết

ban đầu vì không hiểu rõ CORS nên đã tưởng phải config ở hosted domain (facebook) nhưng bắt gặp trả lời này trên stackoverflow

CORS is the solution to your problem here.

This question/the answer is not Facebook specific - the issue would be the same 
with any other domain serving your content, that is different from your own.

Your client-side code is hosted under the Facebook domain, and tries to make 
a request to your domain - that is the cross-domain part. Your domain is the
party that holds the power to either allow or deny this request - by default,
it would be denied, but by responding with the appropriate header,
your server can signal to the browser, "yes, that's ok, he [your code running
under facebook.com] is one of the good guys ..."

So you need to configure this on your server, that you want to make the request to.

Tức là mình cần config ở API server của mình là được rồi. yeah.

Config nginx to support CORS

  • file:/etc/nginx/nginx.conf
    ...
    server {
        listen 443;
	server_name api.domain.com;
        
	ssl on;
	ssl_certificate /root/ssl/ssl-bundle.crt;
        ssl_certificate_key /root/ssl/private.key;

        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://unix:/root/app/api/app.sock;

	    include /etc/nginx/conf.d/allow-cors.conf;
        }

        location /.well-known/ {
            root /root/ikuze/.ssl;
        }
    }
    ...

  • file: /etc/nginx/conf.d/allow-cors.conf
if ($request_method = 'OPTIONS') {
    add_header 'Access-Control-Allow-Origin' '*';
    #
    # Om nom nom cookies
    #
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    #
    # Custom headers and headers various browsers **should** be OK with but aren't
    #
    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
    #
    # Tell client that this pre-flight info is valid for 20 days
    #
    add_header 'Access-Control-Max-Age' 1728000;
    add_header 'Content-Type' 'text/plain charset=UTF-8';
    add_header 'Content-Length' 0;
    return 204;
}

if ($request_method = 'POST') {
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
 
if ($request_method = 'GET') {
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
$ nginx -s reload

Done!

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?