禁用身份验证在Tomcat中OPTIONS请求 [英] Disable authentication for OPTIONS requests in Tomcat

问题描述

我有基本身份验证保护的API。当我想使AJAX请求对API，浏览器发送一个OPTIONS请求，因此被拒绝，因而我的AJAX调用不是由浏览器允许不携带Authorization头。

I have an API protected by basic auth. When I want to make AJAX requests against the API, the browser send an OPTIONS request which doesn't carry the Authorization header so it gets rejected and thus my AJAX call is not allowed by the browser.

我想配置Tomcat来无法验证选项请求，但我不设法得到它的工作。

I tried to configure Tomcat to not authenticate OPTIONS requests but I don't manage to get it work.

有人来帮助我得到它的工作原理？

Someone to help me to get it works?

感谢：）

推荐答案

我找到了解决办法，我必须指定在其上应用认证的HTTP方法的列表。默认情况下是适用于所有的方法。

I found the solution, I had to specify the list of HTTP methods on which the authentication was applied. Default is to apply on all methods.

这篇关于禁用身份验证在Tomcat中OPTIONS请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！