我仅使用以下行:

res.header("Access-Control-Allow-Origin", "*");

它有效.您有没有在发送标题之前打印任何其他内容的机会?标头必须先发送.中间件代码应优先于其他任何东西.

And it works. Any chance you print anything else before sending the headers? headers must be sent before anything else. The middleware code should be prior to anything else.

您确定代码正在执行吗?执行一些"console.log"打印以确保正在调用enableCORS.

Are you sure the code is getting executed? do some 'console.log' prints to make sure the enableCORS is being called.

最后，使用chrome开发人员工具(或任何等效工具)查看从服务器返回的标头.对于chrome，请转到网络=>有问题的请求=>标头=>响应标头，并确保CORS标头在其中.

Lastly, use chrome developer tools (or any equivalent tool) to view the headers returned from the server. For chrome, go to network => the problematic request => headers => Response headers, and make sure the CORS headers are there.

更新 尝试使用以下内容(摘自此处):

Update Try using the following (taken from here):

res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE'); # OPTIONS removed
res.header('Access-Control-Allow-Headers', 'Content-Type');