我在React-Redux應用程序上創建了2條路線。我已經添加了主頁和回調URL的github應用程序設置。Github oauth的Axios CORS問題未獲取訪問令牌
1. 當你點擊這條路線:https://reduxapp.herokuapp.com/signin 你點擊在Github上登錄按鈕,==>githubGeturi
2. Github上重定向回一個代碼https://reduxapp.herokuapp.com/auth/callback?code=9536286a59228e7784a1 和githubSendCode('9536286a59228e7784a1 ')動作被觸發
您可以在網絡調用中看到OPTIONS調用通過,但POST調用從未發生。你會得到一個控制檯錯誤:
XMLHttpRequest cannot load https://github.com/login/oauth/access_token?client_id=32b70bf671e04762b26c&…_secret=5851623d94887db7612d4c9bc689310b9d53284b&code=9536286a59228e7784a1. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://reduxapp.herokuapp.com' is therefore not allowed access.
下面是我的操作功能:
const CLIENT_ID = '32b70bf671e04762b26c';
const CLIENT_SECRET = '5851623d94887db7612d4c9bc689310b9d53284b';
const ROOT_URL = window.location.origin;
const REDIRECT_URL = `${ROOT_URL}/auth/callback`;
const AUTHORIZE_URL = 'https://github.com/login/oauth/authorize';
const ACCESS_TOKEN_URL = 'https://github.com/login/oauth/access_token';
const STATE = _.random(10000);
export function githubGeturi() {
const GITHUB_URL = `${AUTHORIZE_URL}?client_id=${CLIENT_ID}&scope=user,public_repo&redirect_uri=${REDIRECT_URL}`;
return (dispatch) => dispatch(signinUrl(GITHUB_URL));
}
export function githubSendCode(code) {
const GITHUB_URL = `${ACCESS_TOKEN_URL}?client_id=${CLIENT_ID}&client_secret=${CLIENT_SECRET}&code=${code}`;
axios.defaults.headers.post['Access-Control-Allow-Origin'] = '*';
const axiosPost = axios.post(
GITHUB_URL,
{
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'Accept': 'text/json'
}
});
return (dispatch) => {
dispatch(signinRequest());
return axiosPost
.then(
success => dispatch(signinSuccess(success)),
error => dispatch(signinError(error))
);
};
}
======== 唯一可能的途徑,我發現是做與服務器POST調用。 你可以在這裏查看整個解決方案:https://github.com/steelx/ReduxWeatherApp/commit/6215634ca543a4760ea96397fe31b61f22184d91
這是不是這個SO問題的重複? http://stackoverflow.com/questions/14705726/github-api-and-access-control-allow-origin – Clarkie
這是oauth API問題 – STEEL