基于内容类型的预检请求触发器 [英] preflight request triggers based on content-type
问题描述
最近,我在阅读有关预检请求(OPTIONS)的信息,并且知道它总是在content-type为"application/json"或除"text/plain","application/x-www-"以外的其他类型时触发表单编码"和& "multipart/form-data内容类型"
Recently, I was reading about preflight request(OPTIONS) and got to know that it is always triggered when content-type is "application/json" or some other except "text/plain" ,"application/x-www-form-urlencoded" & "multipart/form-data Content-Types"
所以我的问题是,为什么总是针对诸如"application/json"之类的特定内容类型而不是针对上述内容类型而触发它.
So my question is why it is always getting triggered for specific content-type like "application/json" not for above mentioned content-type .
推荐答案
简单请求
一个简单的跨站点请求是满足以下所有条件的请求: 唯一允许的方法是:
A simple cross-site request is one that meets all the following conditions: The only allowed methods are:
GET
HEAD
POST
除了由用户代理自动设置的标头(例如,Connection,User-Agent等)之外,唯一允许手动设置的标头是:
Apart from the headers set automatically by the user agent (e.g. Connection, User-Agent, etc.), the only headers which are allowed to be manually set are:
Accept
Accept-Language
Content-Language
Content-Type
Content-Type标头的唯一允许值为:
The only allowed values for the Content-Type header are:
application/x-www-form-urlencoded
multipart/form-data
text/plain
已拒绝的请求
与简单请求(如上所述)不同,预检"请求首先通过OPTIONS方法向另一个域上的资源发送HTTP请求,以确定实际请求是否可以安全发送.跨站点请求这样被预检,因为它们可能会对用户数据产生影响.特别是在以下情况下,请求将被预检:
Unlike simple requests (discussed above), "preflighted" requests first send an HTTP request by the OPTIONS method to the resource on the other domain, in order to determine whether the actual request is safe to send. Cross-site requests are preflighted like this since they may have implications to user data. In particular, a request is preflighted if:
- 它使用GET,HEAD或POST以外的方法.另外,如果使用POST 发送具有Content-Type以外的Content-Type的请求数据 application/x-www-form-urlencoded,multipart/form-data或 文字/纯文字,例如如果POST请求将XML有效负载发送到 服务器使用application/xml或text/xml,则请求为 没事了.
- 它在请求中设置自定义标头(例如,请求使用标头 例如X-PINGOTHER)
- It uses methods other than GET, HEAD or POST. Also, if POST is used to send request data with a Content-Type other than application/x-www-form-urlencoded, multipart/form-data, or text/plain, e.g. if the POST request sends an XML payload to the server using application/xml or text/xml, then the request is preflighted.
- It sets custom headers in the request (e.g. the request uses a header such as X-PINGOTHER)
希望这能回答您的问题,否则请发表评论.
Hope this answers your question else please make a comment.
这篇关于基于内容类型的预检请求触发器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
