Axios和Twitter API
我遇到了axios和twitter API的问题.
I'm having an issue with axios and twitter API.
我使用Postman(设置了授权标头-OAuth 1.0)成功请求了.现在我正在尝试做同样的事情,我得到的只是:
I made successful request using Postman (with Authorization header set - OAuth 1.0). Now I'm trying to do the same and all I get is:
Failed to load https://api.twitter.com/1.1/lists/statuses.json: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 400.
在Network chrome标签中,我还看到只有OPTIONS正在发送.
I also see in the Network chrome tab, that only the OPTIONS is being sent.
这是我的axios配置的样子(具有更改的凭据;)):
This is how my axios configuration looks like (with changed credentials ;)):
const api = axios.create({
baseURL: 'https://api.twitter.com/1.1',
headers: {
// Authorization was copied from the Postman headers
Authorization: 'OAuth oauth_consumer_key="consumer_key",oauth_token="token",,oauth_signature_method="H,MAC-SHA1",,oauth_timestamp="1,515677408",,oauth_nonce="nonce",,oauth_version="1,.0",,oauth_signature="signature"',
},
withCredentials: true,
});
const getListStatuses = (owner_screen_name, slug) => {
return api.get('/lists/statuses.json', { owner_screen_name, slug });
};
我想念什么?
This is a CORS problem, a security measure adopted by browsers (which explains why you could do it via Postman).
基本上,Chrome将预检请求发送到服务器以了解期望的内容,并且服务器不会将您的来源返回为可接受的来源(Access-Control-Allow-Origin标头).
Basically, Chrome sends the preflight request to the server to know what it is expecting, and the server isn't returning your origin as an acceptable one (Access-Control-Allow-Origin Header).
正如@AndyPiper在评论中指出的那样,Twitter的API不支持CORS.这意味着您的请求仅在从服务器端发出时才起作用,而不是从浏览器发出.
As @AndyPiper pointed out in the comments, Twitter's API does not support CORS. That means your request will only work if made from server-side, not from the browser.