IORS 3中的CORS地狱 [英] CORS Hell in Ionic 3

问题描述

我有一个与Ionic应用程序进行通信的后端服务器（Spring Boot，由nginx代理）。对于每个单个请求，它都会发送以下标头： access-control-request-headers：* ， access-control-allow-headers：* ，访问控制允许来源：* ，访问控制允许方法：GET，POST，PUT， HEAD，OPTIONS，DELETE，PATCH 。

I have a backend server (Spring Boot, proxied by nginx) that my Ionic application communicates with. With every single request, it sends the following headers: access-control-request-headers: *, access-control-allow-headers: *, access-control-allow-origin: *, access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS, DELETE, PATCH. No exceptions.

它也允许 OPTIONS 个请求，并为每个请求返回HTTP 200。

It also allows OPTIONS requests and returns HTTP 200 for every one of them.

现在，我有一个使用 @ angular / common / http 的离子应用程序。在浏览器中，一切正常，我可以优雅地发出 GET 和 POST 请求。

Now, I have an ionic app that uses @angular/common/http. In browser, everything works fine, I can make GET and POST requests gracefully.

但是在模拟器中（当我使用 ionic cordova模拟ios 运行时，我只能进行 GET 请求， POST 失败，并显示以下内容：

But in emulator (when I run with ionic cordova emulate ios, I can only make GET requests, POSTs fail with the following:

{"headers":{"normalizedNames":{},"lazyUpdate":null,"headers":{}},"status":0,"statusText":"Unknown Error","url":null,"ok":false,"name":"HttpErrorResponse","message":"Http failure response for (unknown url): 0 Unknown Error","error":{"isTrusted":true}}

如您所见，它表示 status：0 。这表示 CORS 问题，但我不知道如何进一步调试它。

As you can see, it says status: 0. This refers to a CORS issue, but I don't know how to further debug this.

我的请求全部通过Postman获得成功，甚至 curl 。只有在模拟器中它们才会失败。

My requests all succeed with Postman, and even with curl. It's only in emulator they fail.

推荐答案

CORS ，我希望这对某人有帮助。

CORS again, I am hoping that this might help someone:

显然是通配符 Acccess-Control-Allow-Headers 标头的（ * ）值仅在2016年5月被接受（ reference1 ， reference2 ），因此某些浏览器可能仍不支持它。因此，更改为：

Apparently wildcard(*) value for Acccess-Control-Allow-Headers header is only accepted in May 2016 (reference1, reference2), so some browsers might still not support it. So, changing from:

Access-Control-Allow-Headers: *

至

Access-Control-Allow-Headers: Content-Type, X-Auth-Token

（基本上，我的应用程序使用的标头的确切值） ，我能够解决此问题。显然我在台式机上使用的浏览器支持通配符头值，但模拟器和设备的浏览器不支持。绝对不是设备与模拟器的问题，而是浏览器与浏览器的问题。

(basically, the exact value of headers my application uses), I was able to resolve the issue. Apparently browser I am using on my desktop supports the wildcard header value, but the browser of the emulator and device doesn't. Definitely not a device vs. emulator issue, but a browser vs. browser issue.

这篇关于IORS 3中的CORS地狱的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！