请求头字段的访问控制允许报头没有被访问控制允许，允许标题 [英] Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers

问题描述

我试图将文件发送到我的服务器与一个POST请求，但是当它发出它会导致错误：

I'm trying to send files to my server with a post request, but when it sends it causes the error:

Request header field Content-Type is not allowed by Access-Control-Allow-Headers.

所以我一派错误，并添加标题：

So I googled the error and added the headers:

$http.post($rootScope.URL, {params: arguments}, {headers: {
            "Access-Control-Allow-Origin" : "*",
            "Access-Control-Allow-Methods" : "GET,POST,PUT,DELETE,OPTIONS",
            "Access-Control-Allow-Headers": "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With"
        }

然后我得到的错误：

Then I get the error:

Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers

所以，我用Google搜索这一点，唯一类似的问题，我能找到提供了那么一个半封闭的答案是题外话。什么标题我应该添加/删除？

So I googled that and the only similar question I could find was provided a half answer then closed as off topic. What headers am I supposed to add/remove?

推荐答案

在服务器（即POST请求被发送到）需要包括访问控制允许-headers 头（ETC）的在其回应。将它们放在你的请求来自客户端没有任何效果。

The server (that the POST request is sent to) needs to include the Access-Control-Allow-Headers header (etc) in its response. Putting them in your request from the client has no effect.

这是因为它是由服务器来指定它接受跨域请求（以及它允许​​内容类型请求头，等等） - 客户端无法自行决定给定服务器应该允许CORS

This is because it is up to the server to specify that it accepts cross-origin requests (and that it permits the Content-Type request header, and so on) – the client cannot decide for itself that a given server should allow CORS.

这篇关于请求头字段的访问控制允许报头没有被访问控制允许，允许标题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！