由网友(谁能真心疼涐)分享简介：我是Cloudflare Worker的新手。如何在Cloudflare Worker中设置CORS？response = await cache.match(cacheKey);if (!response) {// handle fetch data and cache}const myHeaders = new...

我是Cloudflare Worker的新手。

如何在Cloudflare Worker中设置CORS？

  response = await cache.match(cacheKey);
  if (!response) {
    // handle fetch data and cache
  }
  const myHeaders = new Headers();
  myHeaders.set("Access-Control-Allow-Origin", event.request.headers.get("Origin"));
  return new Response(JSON.stringify({
    response
  }), {
    status: 200, headers: myHeaders
  });

推荐答案

其实挺疼的。有sample from Cloudflare，但不能直接使用。我最近终于弄明白了，并把详细的步骤放到了一个 blog post。

以下是工作器的完整代码。

// Reference: https://developers.cloudflare.com/workers/examples/cors-header-proxy
const corsHeaders = {
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Methods": "GET,HEAD,POST,OPTIONS",
        "Access-Control-Max-Age": "86400",
}
function handleOptions (request) {
        // Make sure the necessary headers are present
        // for this to be a valid pre-flight request
        let headers = request.headers
        if (
                headers.get("Origin") !== null &&
                headers.get("Access-Control-Request-Method") !== null &&
                headers.get("Access-Control-Request-Headers") !== null
        ) {
                // Handle CORS pre-flight request.
                // If you want to check or reject the requested method + headers
                // you can do that here.
                let respHeaders = {
                        ...corsHeaders,
                        // Allow all future content Request headers to go back to browser
                        // such as Authorization (Bearer) or X-Client-Name-Version
                        "Access-Control-Allow-Headers": request.headers.get("Access-Control-Request-Headers"),
                }
                return new Response(null, {
                        headers: respHeaders,
                })
        }
        else {
                // Handle standard OPTIONS request.
                // If you want to allow other HTTP Methods, you can do that here.
                return new Response(null, {
                        headers: {
                                Allow: "GET, HEAD, POST, OPTIONS",
                        },
                })
        }
}
async function handleRequest (request) {
        let response
        if (request.method === "OPTIONS") {
                response = handleOptions(request)
        }
        else {
                response = await fetch(request)
                response = new Response(response.body, response)
                response.headers.set("Access-Control-Allow-Origin", "*")
                response.headers.set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
        }
        return response
}
addEventListener("fetch", (event) => {
        event.respondWith(
                handleRequest(event.request).catch(
                        (err) => new Response(err.stack, { status: 500 })
                )
        );
});