BigCommerce API 是否支持 CORS?
我想在应用程序安装期间与 BigCommerce 交换信息,并从 html 页面发送代码的 POST 请求.但是我一直被 CORS 阻止:请求的资源上没有 'Access-Control-Allow-Origin' 标头.".而且我在 BigCommerce API 文档中找不到任何相关信息.
I want to exchange information with BigCommerce during application installation and send POST request for code from html page. But I keep getting blocked by CORS: " No 'Access-Control-Allow-Origin' header is present on the requested resource.". And I cannot find anything about it in BigCommerce API documentation.
有人知道吗,支持吗?有没有办法在浏览器中从 javascript 调用 BigCommerce api?
Do somebody know, is it supported? Is there any way to call BigCommerce api from javascript in browser?
推荐答案
我们不支持 CORS.尝试在浏览器中直接从 javascript 调用 API 是非常不安全的.这会公开一个 API 令牌,使某人能够通过基本身份验证访问存储中可用的任何数据.这将包括 PII.
We do not support CORS. It is very insecure to try to call the API from javascript on in the browser directly. This exposes an API token which enables someone to have access to any data in the store available through basic authentication. This would include PII.
如果您确实需要从 API 调用信息,请使用安全的 Web 服务,该服务会向您的脚本返回非常具体的值,而不是直接调用它.
If you really need to call info from the API, please use a secure web service that returns very specific values to your script as opposed to calling it directly.
相关文章