AngularJS进行了跨源资源的OPTIONS HTTP请求 [英] AngularJS performs an OPTIONS HTTP request for a cross-origin resource

问题描述

我试图安装AngularJS在那里它提供了我的模板文件中的资产主机是在不同的领域，因此XHR请求角执行必须是跨域与跨源资源进行通信。我已经添加了相应的CORS头我的HTTP请求，使这项工作服务器，但它似乎并没有工作。问题是，当我检查我的浏览器（Chrome）发送到资产文件的请求是OPTIONS请求的HTTP请求（它应该是一个GET请求）。

I'm trying to setup AngularJS to communicate with a cross-origin resource where the asset host which delivers my template files is on a different domain and therefore the XHR request that angular performs must be cross-domain. I've added the appropriate CORS header to my server for the HTTP request to make this work, but it doesn't seem to work. The problem is that when I inspect the HTTP requests in my browser (chrome) the request sent to the asset file is an OPTIONS request (it should be a GET request).

我不知道这是否是在AngularJS或者如果我需要配置什么的错误。从我了解的XHR包装，所以它看起来像浏览器试图找出是否允许不能让一个OPTIONS HTTP请求先下载该资产所执行的GET请求之前。如果是这样的话，那么我是否需要设置CORS头（访问控制允许来源： http://asset.host 。 ..）与资产主机呢？

I'm not sure whether this is a bug in AngularJS or if I need to configure something. From what I understand the XHR wrapper can't make an OPTIONS HTTP request so it looks like the browser is trying to figure out if is "allowed" to download the asset first before it performs the GET request. If this is the case, then do I need to set the CORS header (Access-Control-Allow-Origin: http://asset.host...) with the asset host as well?

推荐答案

OPTIONS请求是绝不AngularJS的错误，这是怎么跨来源资源共享标准规定的浏览器的行为。请参阅本文档：<一href=\"https://developer.mozilla.org/en-US/docs/HTTP_access_control\">https://developer.mozilla.org/en-US/docs/HTTP_access_control,这里的概述部分中这样说的：

OPTIONS request are by no means AngularJS bug, this is how Cross-Origin Resource Sharing standard mandates browsers to behave. Please refer to this document: https://developer.mozilla.org/en-US/docs/HTTP_access_control, where in the "Overview" section it says:

在跨来源资源共享工程标准通过增加新的HTTP
  头，让服务器来形容组是起源
  允许读取使用网络浏览器的信息。另外，
  对HTTP请求的方法，可能会导致对用户数据的副作用（在
  具体地，对于其它不是GET HTTP方法，或用于与POST用法
  某些MIME类型），该规范要求浏览器
  preflight的要求，征求服务器支持的方法
  使用HTTP OPTIONS请求头，然后，在审批，从
  服务器，发送与实际的HTTP请求的实际要求
  方法。服务器也可以通知客户端是否资格证书
  （包括Cookies和HTTP认证数据）应该被发送
  请求。

The Cross-Origin Resource Sharing standard works by adding new HTTP headers that allow servers to describe the set of origins that are permitted to read that information using a web browser. Additionally, for HTTP request methods that can cause side-effects on user data (in particular, for HTTP methods other than GET, or for POST usage with certain MIME types), the specification mandates that browsers "preflight" the request, soliciting supported methods from the server with an HTTP OPTIONS request header, and then, upon "approval" from the server, sending the actual request with the actual HTTP request method. Servers can also notify clients whether "credentials" (including Cookies and HTTP Authentication data) should be sent with requests.

这是很难提供一个通用的解决方案，将所有的WWW服务器的设置将根据服务器本身和你打算支持HTTP动词的不同而不同的工作。我会鼓励你得到这个优秀的文章了（<一href=\"http://www.html5rocks.com/en/tutorials/cors/\">http://www.html5rocks.com/en/tutorials/cors/)具有在需要由服务器发送的确切头得多的信息。

It is very hard to provide a generic solution that would work for all the WWW servers as setup will vary depending on the server itself and HTTP verbs that you intend to support. I would encourage you to get over this excellent article (http://www.html5rocks.com/en/tutorials/cors/) that has much more details on the exact headers that needs to be sent by a server.

这篇关于AngularJS进行了跨源资源的OPTIONS HTTP请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！