Javascript CORS - 不存在“Access-Control-Allow-Origin&quo
时间:2023-10-14问题描述
我一直在使用 CORS,遇到了以下问题.客户端抱怨没有 'Access-Control-Allow-Origin' 标头存在,而 它们存在,并且 客户端发出实际的 POST 请求 并且 收到 200.
I've been working with CORS and encountered the following issue. Client complains about no 'Access-Control-Allow-Origin' header is present, while they are present, and client make the actual POST request and receives 200.
function initializeXMLHttpRequest(url) { //the code that initialize the xhr
var xhr = new XMLHttpRequest();
xhr.open('POST', url, true);
xhr.withCredentials = true;
xhr.setRequestHeader('Content-Type', 'application/json; charset=UTF-8');
//set headers
for (var key in headers) {
if (headers.hasOwnProperty(key)) { //filter out inherited properties
xhr.setRequestHeader(key,headers[key]);
}
}
return xhr;
}
在 Chrome 中
chrome 控制台日志
chrome console log
Chrome 选项请求
Chrome OPTIONS request
Chrome POST 请求
Chrome POST request
在火狐中
Firefox 控制台日志
Firefox Console Log
Firefox 选项请求
Firefox OPTIONS request
Firefox POST 请求
Firefox POST request
推荐答案
简而言之:访问控制标头(例如 Access-Control-Allow-Origin)需要同时出现以响应 OPTIONS 和实际的POST.
In short: Access control headers (e.g. Access-Control-Allow-Origin) need to present in response for both OPTIONS and actual POST.
工作流程:
Client 使用这些 HTTP 访问标头发出 OPTIONS 请求.(例如
Origin、Access-Control-Request-Method、Access-Control-Request-Headers)
Client make OPTIONS request with those HTTP access headers. (e.g.
Origin, Access-Control-Request-Method, Access-Control-Request-Headers)
服务器响应这些访问控制标头,允许访问.(例如 Access-Control-Allow-Origin、Access-Control-Expose-Headers、Access-Control-Max-Age、Access-Control-Allow-Credentials、Access-Control-Allow-Methods、Access-Control-Allow-标题)
Server respond with those access control headers, allowing access. (e.g. Access-Control-Allow-Origin, Access-Control-Expose-Headers, Access-Control-Max-Age, Access-Control-Allow-Credentials, Access-Control-Allow-Methods, Access-Control-Allow-Headers)
客户端使用数据发出 POST 请求.
Client makes POST request with data.
服务器响应 POST.如果服务器响应中不存在 Access-Control-Allow-Origin 标头.虽然 POST 成功并在 network 选项卡中显示 200 状态码,但 xhr.status 为 0 并且会触发 xhr.onerror.浏览器会显示错误消息.
Server respond to POST. If Access-Control-Allow-Origin header is NOT present in the server response. Although the POST is successful and shows 200 status code in network tab, xhr.status is 0 and xhr.onerror will be triggered. And browser would show up the error message.
标题参考:https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
这篇关于Javascript CORS - 不存在“Access-Control-Allow-Origin"标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!
相关文章
即使在调用 abort (jQuery) 之后,浏览器也会等待Browser waits for ajax call to complete even after abort has been called (jQuery)(即使在调用 abort (jQuery) 之后,浏览器也会等待 ajax 调用- JavaScript innerHTML 不适用于 IE?JavaScript innerHTML is not working for IE?(JavaScript innerHTML 不适用于 IE?)
- XMLHttpRequest 无法加载,请求的资源上不存在“AXMLHttpRequest cannot load, No #39;Access-Control-Allow-Origin#39; header is present on the requested resource(XMLHttpRequest 无法加载,请求的资
- XHR HEAD 请求是否有可能不遵循重定向 (301 302)Is it possible for XHR HEAD requests to not follow redirects (301 302)(XHR HEAD 请求是否有可能不遵循重定向 (301 302))
- XMLHttpRequest 206 部分内容XMLHttpRequest 206 Partial Content(XMLHttpRequest 206 部分内容)
- XMLHttpRequest 的 getResponseHeader() 的限制?Restrictions of XMLHttpRequest#39;s getResponseHeader()?(XMLHttpRequest 的 getResponseHeader() 的限制?)
最新文章
- 跨域 Ajax 请求在 Opera 和 IE9 中不起作用?
- 向 https://newsapi.org 发出请求时,CORS 政策出现问题
- hapi.js Cors Pre-flight 不返回 Access-Control-Allow-Origin
- jQuery Dropzone 的 CORS 问题并上传到 Imgur
- 启用 CORS AngularJS 以发送 HTTP POST 请求
- 获取 POST 请求中的空正文
- 由于 CORS 访问限制本地 mp3 文件,MediaElementAudio
- XmlHttpRequest 状态 0 而不是 IE 10 中的 401
- 如何在 Rails 4 应用程序中启用 CORS
- jQuery AJAX 调用导致错误状态 403