请求头字段的访问控制允许报头没有被访问控制允许,允许标题 [英] Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers
问题描述
我试图将文件发送到我的服务器与一个POST请求,但是当它发出它会导致错误:
I'm trying to send files to my server with a post request, but when it sends it causes the error:
Request header field Content-Type is not allowed by Access-Control-Allow-Headers.
所以我一派错误,并添加标题:
So I googled the error and added the headers:
$http.post($rootScope.URL, {params: arguments}, {headers: {
"Access-Control-Allow-Origin" : "*",
"Access-Control-Allow-Methods" : "GET,POST,PUT,DELETE,OPTIONS",
"Access-Control-Allow-Headers": "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With"
}
然后我得到的错误:
Then I get the error:
Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers
所以,我用Google搜索这一点,唯一类似的问题,我能找到提供了那么一个半封闭的答案是题外话。什么标题我应该添加/删除?
So I googled that and the only similar question I could find was provided a half answer then closed as off topic. What headers am I supposed to add/remove?
推荐答案
在服务器(即POST请求被发送到)需要包括访问控制允许-headers
头(ETC)的在其回应。将它们放在你的请求来自客户端没有任何效果。
The server (that the POST request is sent to) needs to include the Access-Control-Allow-Headers
header (etc) in its response. Putting them in your request from the client has no effect.
这是因为它是由服务器来指定它接受跨域请求(以及它允许内容类型
请求头,等等) - 客户端无法自行决定给定服务器应该允许CORS
This is because it is up to the server to specify that it accepts cross-origin requests (and that it permits the Content-Type
request header, and so on) – the client cannot decide for itself that a given server should allow CORS.
这篇关于请求头字段的访问控制允许报头没有被访问控制允许,允许标题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!