时间戳

首页 > 解决方案 > 在 Heroku 上部署 Node.js 应用程序时出现 403 错误

javascript - 在 Heroku 上部署 Node.js 应用程序时出现 403 错误

问题描述

早些时候,我在尝试使用 Heroku 打开 Node.js 应用程序时收到以下错误(来自 Chrome 控制台):

Refused to load the image 'https://browser-rpg-app.herokuapp.com/favicon.ico' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

这伴随着一个 403。我设法通过添加以下行来修复它:

<meta http-equiv="Content-Security-Policy" content="default-src 'self' https://ajax.googleapis.com/ajax/libs/angularjs/1.6.9/angular.min.js 'unsafe-inline'">

现在第一个错误消失了,但我仍然收到 403。我可以在 上完美运行应用程序heroku local web,但在实际部署时却不行。这是日志所说的:

2019-12-02T22:41:29.000000+00:00 app[api]: Build succeeded
2019-12-02T22:41:32.617542+00:00 heroku[web.1]: Starting process with command `node app.js`
2019-12-02T22:41:36.786903+00:00 heroku[web.1]: State changed from starting to up
2019-12-02T22:42:00.484013+00:00 app[web.1]: ForbiddenError: Forbidden
2019-12-02T22:42:00.484062+00:00 app[web.1]: at SendStream.error (/app/node_modules/send/index.js:270:31)
2019-12-02T22:42:00.484066+00:00 app[web.1]: at SendStream.pipe (/app/node_modules/send/index.js:553:12)
2019-12-02T22:42:00.484068+00:00 app[web.1]: at sendfile (/app/node_modules/express/lib/response.js:1103:8)
2019-12-02T22:42:00.484071+00:00 app[web.1]: at ServerResponse.sendFile (/app/node_modules/express/lib/response.js:433:3)
2019-12-02T22:42:00.484074+00:00 app[web.1]: at index (/app/routes/index.js:9:9)
2019-12-02T22:42:00.484077+00:00 app[web.1]: at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
2019-12-02T22:42:00.484079+00:00 app[web.1]: at next (/app/node_modules/express/lib/router/route.js:137:13)
2019-12-02T22:42:00.484081+00:00 app[web.1]: at Route.dispatch (/app/node_modules/express/lib/router/route.js:112:3)
2019-12-02T22:42:00.484083+00:00 app[web.1]: at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
2019-12-02T22:42:00.484085+00:00 app[web.1]: at /app/node_modules/express/lib/router/index.js:281:22
2019-12-02T22:42:00.482239+00:00 heroku[router]: at=info method=GET path="/" host=browser-rpg-app.herokuapp.com request_id=845c8d30-4ca7-44f4-ab69-ae312e722b1b fwd="68.174.27.246" dyno=web.1 connect=1ms service=21ms status=403 bytes=380 protocol=https

如您所见,没有有用的信息或解释,它只是说禁止。我真的不知道问题可能是什么,但这里有一堆重要/相关文件:

应用程序.js:

const express = require("express");

const configRoutes = require("./routes");
const static = express.static(__dirname + '/public');
const app = express();

app.use("/public", static);

var bodyParser = require('body-parser');
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

const cookieParser = require("cookie-parser");
app.use(cookieParser());

configRoutes(app);


app.listen(process.env.PORT || 3000, () => {
    console.log("The application is running on http://localhost:3000");

    if (process && process.send) process.send({done: true});
});

包.json:

{
  "name": "browserrpg",
  "version": "1.0.0",
  "description": "",
  "main": "app.js",
  "engines": {
    "node": "10.16.3"
  },
  "dependencies": {
    "angular": "^1.7.2",
    "angular-route": "^1.7.2",
    "body-parser": "^1.18.3",
    "cookie-parser": "^1.4.3",
    "express": "^4.16.3",
    "mongodb": "^3.1.1",
    "npm": "^6.2.0",
    "uuid": "^3.3.2"
  },
  "devDependencies": {},
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1",
    "start": "node app.js"
  },
  "repository": {
    "type": "git",
    "url": (git url here, removed for privacy)
  },
  "author": "",
  "license": "ISC",
}

档案:

web: node app.js

如果它是相关的,这里是 Heroku 调用的“/”路由:

const index = (req, res) => {
    res.sendFile(path.join(__dirname, "..\\public\\html", "index.html"));
    return;
}

这是设置所有路由的构造函数:

const constructorMethod = app => {
    app.get("/", index);
    app.get("/game", gameGet);
    app.post("/game", gamePost);

    app.use("*", (req, res) => {
        res.status(404).json({ error: "Not found" });
    });
  };

这也是我的文件结构:

BrowserRPG
│   README.md
│   Procfile
|   app.js
|   mongoCollections.js
|   mongoConnection.js
|   package.json
|   settings.json
│
└───data
    │   enemydata.js
    │   gamecalc.js
    |   gamedata.js
    |   index.js
    │
│   
└───public
    │   
    └───css
        |   main.css
    |
    └───html
        |   game.html
        |   index.html
    |
    └───js
        |   angular.js
        |   angularActiveGame.js
|
└───routes
    |   index.js

我也在使用 mongodb 数据库,但我认为这不会导致问题,因为我什至还没有尝试将它连接到 Heroku,而且您不需要运行 db 即可访问应用程序的第一页。这里有什么可能导致错误吗?谢谢。

标签: javascriptnode.jsangularexpressheroku

解决方案

所以我终于想通了,解决方案实际上非常简单。在我的 "/" GET 路由中,路径包含 a ..,它被视为恶意,因此被拒绝。我把它改成这样:

res.sendFile(path.join(appRoot, "public/html", "index.html"));

appRoot是指向应用程序根目录的全局变量。希望这可以帮助可能遇到类似问题的人。

推荐阅读