DILA-edu / cbeta-api

CBETA API Developer Group

Question about CORS #24

Closed MrMYHuang closed 3 years ago

MrMYHuang commented 3 years ago

Recently, many people have reported being unable to connect with the unofficial CBETA app I develop ( https://mrmyhuang.github.io ).

I found that this is because the CBETA API server's CORS settings have changed; previously it should have been allow * origins. But recently API call errors like this appear: Access to XMLHttpRequest at 'https://cbdata.dila.edu.tw/v1.2/catalog_entry?q=Cat-X' from origin 'https://mrmyhuang.github.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

How can this be resolved?

RayCHOU commented 3 years ago

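Sorry, the server was recently moved to a new machine and this setting was missed. I have just set it again; please try it and see whether it works now. Thank you.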

MrMYHuang commented 3 years ago

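> Sorry, the server was recently moved to a new machine and this setting was missed. I have just set it again; please try it and see whether it works now. Thank you.

It's OK now. Thank you.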

MrMYHuang commented 3 years ago

@RayCHOU Hello. I found that the DILA Buddhist glossaries and dictionaries APIs also have the same CORS problem:

Access to XMLHttpRequest at 'https://glossaries.dila.edu.tw/search.json/?type=match&dicts=dila&term=%E8%8F%A9%E8%96%A9' from origin 'https://mrmyhuang.github.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Could you help take care of this?

RayCHOU commented 3 years ago

The Glossaries CORS has been fixed; please try again.

MrMYHuang commented 3 years ago

Tested and working normally. Thank you.

MrMYHuang commented 2 years ago

@RayCHOU Hello: Recently the CBETA API server again has a CORS setting problem that prevents browsers from making cross-site requests: Access to XMLHttpRequest at 'https://cbdata.dila.edu.tw/v1.2/catalog_entry?q=CBETA' from origin 'https://mrmyhuang.github.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Could you help?

RayCHOU commented 2 years ago

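@MrMYHuang Sorry, today I was dealing with another HTTPS certificate problem, touched this part, and forgot to add it back. I have just fixed it; please try again.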

MrMYHuang commented 2 years ago

@RayCHOU Tested and working normally, thank you.

MrMYHuang commented 2 years ago

Hello: The CORS policy is currently blocking access again:

Access to XMLHttpRequest at 'https://cbdata.dila.edu.tw/v1.2/juans?edition=CBETA&work_info=1&work=T0251&juan=1' from origin 'https://mrmyhuang.github.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Please adjust the server settings. Thank you. Amitabha.

RayCHOU commented 2 years ago

Thank you for the report. However, my test here shows that Access-Control-Allow-Origin is present:

```
$ curl -I https://cbdata.dila.edu.tw/v1.2/juans\?edition\=CBETA\&work_info\=1\&work\=T0251\&juan\=1
HTTP/1.1 200 OK
Date: Tue, 31 May 2022 00:57:19 GMT
Server: Apache/2.4.41 (Ubuntu)
Cache-Control: max-age=0, private, must-revalidate
Referrer-Policy: strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
X-Request-Id: bfa9df91-edb6-4631-803e-e3f6dc36ae19
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Runtime: 0.017966
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger 6.0.7
Transfer-Encoding: chunked
ETag: W/"517516cbcedc72139e38ce21f73a66d5"
Status: 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
Set-Cookie: cookiesession1=678A8C31VWXYZABCDEFGHIJKNOPQ6577;Expires=Wed, 31 May 2023 00:57:39 GMT;Path=/;HttpOnly
```

MrMYHuang commented 2 years ago

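> Thank you for the report. However, my test here shows that Access-Control-Allow-Origin is present:

Thank you, it works normally now. Could it be that load balancing is in use, but one of the servers does not have its CORS policy set to "allow *"?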

RayCHOU commented 2 years ago

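We are a small organization with only one server and do not use load balancing ^_^ However, recently a 500 Internal Server Error sometimes appears and the log does not show the cause, so I just restarted apache2. (Before the restart, Access-Control-Allow-Origin was already present.)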
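
Added example, not posted by either participant and not part of the project's code: a shell check that applies the browser's CORS rule to a response head such as the `curl -I` output above and prints the HTTP status beside the verdict, since a response without the header produces the same browser message whatever its status. The function name `cors_verdict` and both sample responses are constructed for illustration; the 500 sample is an assumption about what an error response could look like, not a capture from the CBETA server.

```shell
#!/bin/sh
# cors_verdict ORIGIN [omit|include]
# Reads a raw response head on stdin (the output of `curl -sI -H "Origin: ..."`)
# and prints "<status> allowed" or "<status> blocked: <reason>", following the
# browser's CORS check for a simple GET.
cors_verdict() {
    awk -v origin="$1" -v creds="${2:-omit}" '
        { sub(/\r$/, "") }                          # curl prints CRLF line endings
        /^HTTP\// { status = $2; n = 0; acao = acac = ""; next }  # keep only the last response
        {
            i = index($0, ":"); if (i == 0) next
            name = tolower(substr($0, 1, i - 1))    # header names are case-insensitive
            val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == "access-control-allow-origin") { acao = val; n++ }
            if (name == "access-control-allow-credentials") acac = val
        }
        END {
            if (n == 0)                  r = "blocked: no Access-Control-Allow-Origin header"
            else if (n > 1)              r = "blocked: multiple Access-Control-Allow-Origin headers"
            else if (acao == "*" && creds == "include")
                                         r = "blocked: wildcard is not accepted for credentialed requests"
            else if (acao == "*")        r = "allowed"
            else if (acao != origin)     r = "blocked: origin mismatch"
            else if (creds == "include" && acac != "true")
                                         r = "blocked: Access-Control-Allow-Credentials is not true"
            else                         r = "allowed"
            print status, r
        }'
}

# Constructed sample response heads (not captured from the real server).
sample_ok()  { printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\naccess-control-allow-origin: *\r\n\r\n'; }
sample_500() { printf 'HTTP/1.1 500 Internal Server Error\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n'; }

ORIGIN=https://mrmyhuang.github.io
sample_ok  | cors_verdict "$ORIGIN"
sample_500 | cors_verdict "$ORIGIN"
# Live use: curl -sI -H "Origin: $ORIGIN" "$URL" | cors_verdict "$ORIGIN"
```

Run against the live endpoint at intervals, the status column separates a missing CORS setting on a 200 response from an error response that simply carries no CORS header.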