AngularJS 禁用 CORS? [英] AngularJS disabling CORS?
问题描述
也许我完全遗漏了一些东西,但我有一个在本地运行的服务器,并且没有将 Angular 配置为对 $http 请求使用 CORS.当我向 localhost:
发出 HTTP 请求时,我看到 Chrome 首先创建了一个 OPTIONS 请求.
Maybe I'm missing something entirely, but I have a server running locally, and have not configured Angular to use CORS for $http requests. When I make an HTTP request to localhost:<port>
, I see Chrome create an OPTIONS request first.
因为我需要支持 IE 8 - 而 AngularJS 肯定不会在那里使用 CORS - 我需要删除 CORS.
Because I need to support IE 8 - and AngularJS definitely will not work there with CORS - I need to remove CORS.
我尝试使用 $http.post
包装器直接设置 POST
方法 not ,但无济于事.也许这与 https://github.com/angular/angular.js/issues/有关1585
I have tried directly setting the POST
method not using the $http.post
wrapper with no avail. Perhaps this is related to https://github.com/angular/angular.js/issues/1585
我还尝试直接从控制器调用 jQuery ajax 帖子 - 即使 CORS 选项为 false(因为它似乎默认为 true).它仍然会创建 CORS 请求.
I've also tried calling a jQuery ajax post directly from a controller - even with the CORS option as false (because it seemed to default to true). It still creates a CORS request.
这是什么配置?
推荐答案
CORS 是您请求 url 的结果,不是您可以设置的任何配置.如果您的来源与请求 url 协议/域/端口不匹配,您将收到 CORS 请求——没有例外.
CORS is a result of your request url, not of any configuration you can set. If your origin does not match the request url protocol/domain/port, you will get a CORS request--no exceptions.
例如,来源为 http://www.example.com:8080 :
这是一个 CORS 请求:http://example.com:8080/path.json(不同的子域)
This is a CORS request: http://example.com:8080/path.json (different subdomain)
这是一个 CORS 请求:http://www.example.com/path.json(不同的端口)
This is a CORS request: http://www.example.com/path.json (different port)
这是一个 CORS 请求:https://www.example.com:8080/path.json(不同的协议)
This is a CORS request: https://www.example.com:8080/path.json (different protocol)
这不是 CORS 请求:http://www.example.com:8080/path.json(协议、域和端口都与源匹配)
This is NOT a CORS request: http://www.example.com:8080/path.json (the protocol, domain, and port all match the origin)
话虽如此,发生 OPTIONS 请求是因为您有标准标头之外的标头(很可能,您的请求具有 X-Requested-With 标头).在 Angular.js 中,您可以使用以下命令删除它:
That being said, the OPTIONS request is happening because you have a header outside of the standard headers (very likely, your request has an X-Requested-With header). In Angular.js, you can remove this with:
angular.module('yourModuleHere')
.config(function ($httpProvider) {
delete $httpProvider.defaults.headers.common['X-Requested-With'];
});
请注意,对于 Angular.js 1.2 及更高版本,X-Requested-With 不在默认的通用标头列表中.您无需将其从列表中删除.
Note that for Angular.js 1.2 and above, X-Requested-With is not in the default common headers list. You don't need to remove it from the list.
这篇关于AngularJS 禁用 CORS?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!