本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
如果回應尚未包含此標頭,下列範例函數會將 Access-Control-Allow-Origin
HTTP 標頭新增至回應。此標頭是跨來源資源分享 (CORS) 的一部分。標頭的值 (*
) 告訴 Web 瀏覽器允許來自任何來源的程式碼存取此資源。如需詳細資訊,請參閱 MDN Web Docs 網站上的 Access-Control-Allow-Origin。
這是一個檢視者回應函數。
請參閱(詳見)的範例 GitHub。
- JavaScript runtime 2.0
-
async function handler(event) {
const request = event.request;
const response = event.response;
// If Access-Control-Allow-Origin CORS header is missing, add it.
// Since JavaScript doesn't allow for hyphens in variable names, we use the dict["key"] notation.
if (!response.headers['access-control-allow-origin'] && request.headers['origin']) {
response.headers['access-control-allow-origin'] = {value: request.headers['origin'].value};
console.log("Access-Control-Allow-Origin was missing, adding it now.");
}
return response;
}
- JavaScript runtime 1.0
-
function handler(event) {
var response = event.response;
var headers = response.headers;
// If Access-Control-Allow-Origin CORS header is missing, add it.
// Since JavaScript doesn't allow for hyphens in variable names, we use the dict["key"] notation.
if (!headers['access-control-allow-origin']) {
headers['access-control-allow-origin'] = {value: "*"};
console.log("Access-Control-Allow-Origin was missing, adding it now.");
}
return response;
}