CORS 和 Access-Control-Allow-Headers 是如何工作的?
时间:2023-09-03问题描述
我正在尝试将 CORS 请求从 domain.com 发送到 a.domain.com.
I'm trying to make CORS request POST from domain.com to a.domain.com.
我的 javascript 看起来像这样
My javascript looks like this
$('#fileupload').fileupload({
xhrFields: {
withCredentials: true
},
dataType: 'json',
url: $('#fileupload').data('path'),
singleFileUploads: true,
add: function(e, data){
data.submit();
}
});
起初我看到 OPTIONS 路由是这样调用的:
At first I see the OPTIONS route being called like so:
Request URL: https://a.domain.com/some/route
Request Method:OPTIONS
Status Code:200 OK
选项请求:
Access-Control-Request-Headers:origin, content-type, accept
Access-Control-Request-Method:POST
Host:a.domain.com
Origin:http://domain.com:3000
Referer:http://domain.com:3000/home
选项响应
Access-Control-Allow-Credentials:true
Access-Control-Allow-Methods:POST
Access-Control-Allow-Origin:http://domain.com:3000
Connection:keep-alive
Content-Length:0
Content-Type:text/html;charset=utf-8
该请求返回 200 个类似声明.在我的服务器上,我与 POST 方法具有相同的路由,这就是我在 OPTIONS
That request comes back with a 200 like stated. On my server, I have the same route with POST method and this is what I get in return after the OPTIONS
Request URL:https://a.domain.com/some/route
发布请求
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryjwr5Pk7WBcfzMdbO
Origin:http://domain.com:3000
Referer:http://domain.com:3000/home
POST 请求被取消/失败.
我的问题是,我是否也需要在 POST 控制器上设置 access-control-allow-origin ?
My question is, do I need to have the access-control-allow-origin on the POST controller as well?
我有一个用于授权的 cookie,该 cookie 具有域 .domain.com,该 cookie 在请求中发送过一次,现在没有发送.知道为什么会这样吗?
I have a cookie for authorization that has domain .domain.com that cookie got sent across once in a request and it's not being sent now. Any idea why that would happen?
推荐答案
是的,你需要有 header Access-Control-Allow-Origin: http://domain.com:3000 或者Access-Control-Allow-Origin: * 在 OPTIONS 响应和 POST 响应中.您还应该在 POST 响应中包含标题 Access-Control-Allow-Credentials: true.
Yes, you need to have the header Access-Control-Allow-Origin: http://domain.com:3000 or Access-Control-Allow-Origin: * on both the OPTIONS response and the POST response. You should include the header Access-Control-Allow-Credentials: true on the POST response as well.
您的 OPTIONS 响应还应包含标头 Access-Control-Allow-Headers: origin, content-type, accept 以匹配请求的标头.
Your OPTIONS response should also include the header Access-Control-Allow-Headers: origin, content-type, accept to match the requested header.
这篇关于CORS 和 Access-Control-Allow-Headers 是如何工作的?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!
相关文章
在 Angular 2/Typescript 中使用 IScrollUse IScroll in Angular 2 / Typescript(在 Angular 2/Typescript 中使用 IScroll)- Anime.js 在 Ionic 3 项目中不起作用anime.js not working in Ionic 3 project(Anime.js 在 Ionic 3 项目中不起作用)
- Ionic 3 - 使用异步数据更新 ObservableIonic 3 - Update Observable with Asynchronous Data(Ionic 3 - 使用异步数据更新 Observable)
- Angular 2:在本地 .json 文件中找不到文件Angular 2: file not found on local .json file(Angular 2:在本地 .json 文件中找不到文件)
- 在 Ionic 2 中,如何创建使用 Ionic 组件的自定义指In Ionic 2, how do I create a custom directive that uses Ionic components?(在 Ionic 2 中,如何创建使用 Ionic 组件的自定义指令?)
- 将 ViewChild 用于动态元素 - Angular 2 &离子2Use ViewChild for dynamic elements - Angular 2 amp; ionic 2(将 ViewChild 用于动态元素 - Angular 2 amp;离子2)