javascript - 在 Heroku 上部署 Node.js 应用程序时出现 403 错误
问题描述
早些时候,我在尝试使用 Heroku 打开 Node.js 应用程序时收到以下错误(来自 Chrome 控制台):
Refused to load the image 'https://browser-rpg-app.herokuapp.com/favicon.ico' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
这伴随着一个 403。我设法通过添加以下行来修复它:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' https://ajax.googleapis.com/ajax/libs/angularjs/1.6.9/angular.min.js 'unsafe-inline'">
现在第一个错误消失了,但我仍然收到 403。我可以在 上完美运行应用程序heroku local web
,但在实际部署时却不行。这是日志所说的:
2019-12-02T22:41:29.000000+00:00 app[api]: Build succeeded
2019-12-02T22:41:32.617542+00:00 heroku[web.1]: Starting process with command `node app.js`
2019-12-02T22:41:36.786903+00:00 heroku[web.1]: State changed from starting to up
2019-12-02T22:42:00.484013+00:00 app[web.1]: ForbiddenError: Forbidden
2019-12-02T22:42:00.484062+00:00 app[web.1]: at SendStream.error (/app/node_modules/send/index.js:270:31)
2019-12-02T22:42:00.484066+00:00 app[web.1]: at SendStream.pipe (/app/node_modules/send/index.js:553:12)
2019-12-02T22:42:00.484068+00:00 app[web.1]: at sendfile (/app/node_modules/express/lib/response.js:1103:8)
2019-12-02T22:42:00.484071+00:00 app[web.1]: at ServerResponse.sendFile (/app/node_modules/express/lib/response.js:433:3)
2019-12-02T22:42:00.484074+00:00 app[web.1]: at index (/app/routes/index.js:9:9)
2019-12-02T22:42:00.484077+00:00 app[web.1]: at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
2019-12-02T22:42:00.484079+00:00 app[web.1]: at next (/app/node_modules/express/lib/router/route.js:137:13)
2019-12-02T22:42:00.484081+00:00 app[web.1]: at Route.dispatch (/app/node_modules/express/lib/router/route.js:112:3)
2019-12-02T22:42:00.484083+00:00 app[web.1]: at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
2019-12-02T22:42:00.484085+00:00 app[web.1]: at /app/node_modules/express/lib/router/index.js:281:22
2019-12-02T22:42:00.482239+00:00 heroku[router]: at=info method=GET path="/" host=browser-rpg-app.herokuapp.com request_id=845c8d30-4ca7-44f4-ab69-ae312e722b1b fwd="68.174.27.246" dyno=web.1 connect=1ms service=21ms status=403 bytes=380 protocol=https
如您所见,没有有用的信息或解释,它只是说禁止。我真的不知道问题可能是什么,但这里有一堆重要/相关文件:
应用程序.js:
const express = require("express");
const configRoutes = require("./routes");
const static = express.static(__dirname + '/public');
const app = express();
app.use("/public", static);
var bodyParser = require('body-parser');
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
const cookieParser = require("cookie-parser");
app.use(cookieParser());
configRoutes(app);
app.listen(process.env.PORT || 3000, () => {
console.log("The application is running on http://localhost:3000");
if (process && process.send) process.send({done: true});
});
包.json:
{
"name": "browserrpg",
"version": "1.0.0",
"description": "",
"main": "app.js",
"engines": {
"node": "10.16.3"
},
"dependencies": {
"angular": "^1.7.2",
"angular-route": "^1.7.2",
"body-parser": "^1.18.3",
"cookie-parser": "^1.4.3",
"express": "^4.16.3",
"mongodb": "^3.1.1",
"npm": "^6.2.0",
"uuid": "^3.3.2"
},
"devDependencies": {},
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"start": "node app.js"
},
"repository": {
"type": "git",
"url": (git url here, removed for privacy)
},
"author": "",
"license": "ISC",
}
档案:
web: node app.js
如果它是相关的,这里是 Heroku 调用的“/”路由:
const index = (req, res) => {
res.sendFile(path.join(__dirname, "..\\public\\html", "index.html"));
return;
}
这是设置所有路由的构造函数:
const constructorMethod = app => {
app.get("/", index);
app.get("/game", gameGet);
app.post("/game", gamePost);
app.use("*", (req, res) => {
res.status(404).json({ error: "Not found" });
});
};
这也是我的文件结构:
BrowserRPG
│ README.md
│ Procfile
| app.js
| mongoCollections.js
| mongoConnection.js
| package.json
| settings.json
│
└───data
│ enemydata.js
│ gamecalc.js
| gamedata.js
| index.js
│
│
└───public
│
└───css
| main.css
|
└───html
| game.html
| index.html
|
└───js
| angular.js
| angularActiveGame.js
|
└───routes
| index.js
我也在使用 mongodb 数据库,但我认为这不会导致问题,因为我什至还没有尝试将它连接到 Heroku,而且您不需要运行 db 即可访问应用程序的第一页。这里有什么可能导致错误吗?谢谢。
解决方案
所以我终于想通了,解决方案实际上非常简单。在我的 "/" GET 路由中,路径包含 a ..
,它被视为恶意,因此被拒绝。我把它改成这样:
res.sendFile(path.join(appRoot, "public/html", "index.html"));
appRoot
是指向应用程序根目录的全局变量。希望这可以帮助可能遇到类似问题的人。
推荐阅读
- filter - 使用 Dynamics365 Odata 过滤器执行“是其中之一”过滤器
- amazon-web-services - AWS Glue - 从现有笔记本服务器访问新的开发终端节点
- spring - SRVE0278E: 添加 servlet 映射时出错 --> /*
- php - 从 DateTime 对象中分离日期属性
- javascript - 如何处理monorepo中的env文件?
- amazon-web-services - AWS 云代理配置中的 bw“start_of_file”和“end_of_file”的区别
- node.js - npm脚本中的nodemon多次触发
- postgresql - PostgreSQL 中的解释分析:对查询性能的影响?
- r - 在 R 中并行化 BMA
- delphi - TButtonItem 的 OnClick 返回 TCategoryButtons 的 Sender