如何解决“预检无效(重定向)"或“预检请求不允许重定向" [英] How to resolve 'preflight is invalid (redirect)' or 'redirect is not allowed for a preflight request'

问题描述

我已按照此步骤设置服务器以启用CORS. https ://docs.microsoft.com/zh-CN/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api

I have followed this step to setup my server to enable CORS. https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api

但是现在在我的浏览器开发控制台中，我看到以下错误消息:

But now in my browser dev console, I see this error message:

XMLHttpRequest无法加载 https://serveraddress/abc .回应 飞行前无效(重定向)

XMLHttpRequest cannot load https://serveraddress/abc. Response for preflight is invalid (redirect)

您知道该如何解决吗?我正在HTTPS中发出CORS请求.我认为这是导致印前检查无效(重定向)"失败的原因.但是我不知道为什么或什么重定向了OPTIONS请求.

Do you know what can I do to fix it? I am making a CORS request in HTTPS. I think that is causing the 'preflight is invalid (redirect)' failure. But I don't know why or what is redirecting the OPTIONS request.

谢谢.

推荐答案

您的代码正在触发您的浏览器发送

Your code is triggering your browser to send a CORS preflight OPTIONS request, and the server’s responding with a 3xx redirect. It needs to respond with a 2xx success message instead.

您也许可以调整代码以避免触发浏览器发送OPTIONS请求.

You may be able to adjust your code to avoid triggering the browser to send the OPTIONS request.

就这种情况下的所有情况而言，重要的是要知道浏览器在以下情况下会进行CORS的预检:

As far as what all’s going on in this case, it’s important to know browsers do a CORS preflight if:

• 请求方法不是GET，HEAD或POST
之外的任何其他方法
• 您已设置了Accept，Accept-Language，Content-Language，Content-Type，DPR，Downlink，Save-Data，Viewport-Width或Width以外的自定义请求标头
• Content-Type请求标头的值不是application/x-www-form-urlencoded，multipart/form-data或text/plain

• the request method is anything other than GET, HEAD, or POST
• you’ve set custom request headers other than Accept, Accept-Language, Content-Language, Content-Type, DPR, Downlink, Save-Data, Viewport-Width, or Width
• the Content-Type request header has a value other than application/x-www-form-urlencoded, multipart/form-data, or text/plain

如果您无法更改代码以避免浏览器进行预检，那么另一种选择是:

If you can’t change your code to avoid need for browsers to do a preflight, then another option is:

1. 在对OPTIONS请求的响应中，检查Location响应标头中的URL.
2. 更改您的代码以直接向其他网址发出请求.

1. Examine the URL in the Location response header in the response to the OPTIONS request.
2. Change your code to make the request to that other URL directly instead.

URL之间的区别可能只是路径中的斜杠一样简单，例如，您可能需要将代码中的URL更改为http://localhost/api/auth/login/(请注意斜杠)而不是http://localhost/api/auth/login(没有结尾的斜杠.

The difference between the URLs might be something as simple as a trailing slash in the path — for example, you may need to change the URL in your code to http://localhost/api/auth/login/ (notice the trailing slash) rather than http://localhost/api/auth/login (no trailing slash).

您可以使用浏览器devtools中的网络"窗格检查对OPTIONS请求的响应，并在Location响应标头的值中找到重定向URL.

You can use the Network pane in browser devtools to examine the response to the OPTIONS request and to find the redirect URL in the value of the Location response header.

这篇关于如何解决“预检无效(重定向)"或“预检请求不允许重定向"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！