跨域情况一:没有设置 Access-Control-Allow-Origin

Access to XMLHttpRequest at 'http://api.example.com/socket.io/?EIO=4&transport=polling&t=OLu8vS9' from origin 'http://example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
const io = new Server(httpServer, {
  cors: {
    origin: "http://example.com"
  }
})

导致 Access-Control-Allow-Origin 的值为空、不指定从而引发以上错误可能是由以下的配置引起的:

跨域情况二:Access-Control-Allow-Origin 设置了通配符

如果设置为通配符 Access-Control-Allow-Origin: * ,那么就有可能报以下的错误:

Access to XMLHttpRequest at 'http://api.otherdoamin.com/socket.io/?EIO=3&transport=polling&t=OLuC3jd' (redirected from 'https://api.example.com/socket.io/?EIO=3&transport=polling&t=OLuC3jd') from origin 'https://example.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

导致 Access-Control-Allow-Origin 的值为通配符(*) 引发以上错误可能是由以下的配置引起的:

跨域情况三:Access-Control-Allow-Origin 设置为 null

这种情况一般是请求体的 Originnull 字符串

Access to XMLHttpRequest at 'http://api.otherdoamin.com/socket.io/?EIO=3&transport=polling&t=OLuC3jd' (redirected from 'https://api.example.com/socket.io/?EIO=3&transport=polling&t=OLuC3jd') from origin 'https://example.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

导致 Access-Control-Allow-Origin 的值为通配符(*) 引发以上错误可能是由以下的配置引起的:

123

拦截:对http请求进行拦击,不需要对ws协议拦截。

源码

CORS

给Socket.io 传递的参数会传递到 engine.io,engine.io也会把接收到的参数传递到 cors。

依赖 engine.ioengine.io 又依赖于 cors

cors被依赖的模块有: