如何使用cURL调试CORS请求? [英] How can you debug a CORS request with cURL?
问题描述
如何使用cURL调试CORS请求?到目前为止,我找不到任何方式来模拟预检请求。
curl。
使用cUrl发送常规CORS请求:
curl -HOrigin:http://example.com--verbose \
https://www.googleapis.com/discovery/v1/apis?fields=
-H原产地:http://example.com
flag是发出请求的第三方域。
- verbose
标志会列出整个回应,请求和响应标头。
我在上面使用的网址是向支持CORS的Google API发送的示例请求,但您可以替换任何要测试的网址。
响应应包含 Access-Control-Allow-Origin
标头。
使用cUrl发送预检请求:
curl -H :http://example.com\
-HAccess-Control-Request-Method:POST\
-H访问控制请求标头:X请求\
-X OPTIONS --verbose \
https://www.googleapis.com/discovery/v1/apis?fields=
这看起来与常规CORS请求类似,只是添加了一些:
-H
标志向服务器发送其他预检请求头
-X OPTIONS
标志表示这是一个HTTP OPTIONS请求。
如果预检请求成功,响应应包括 Access-Control-Allow-原始
,访问控制允许方法
和访问控制允许标题
响应头。如果预检请求不成功,则不应显示这些头,否则HTTP响应不会为200.
您还可以指定其他头,例如 -H
标志。 code> code> User-Agent
How can you debug CORS requests using cURL? So far I couldn't find any way to "simulate" the preflight request .
Here's how you can debug CORS requests using curl.
Sending a regular CORS request using cUrl:
curl -H "Origin: http://example.com" --verbose \
https://www.googleapis.com/discovery/v1/apis?fields=
The -H "Origin: http://example.com"
flag is the third party domain making the request. Substitute in whatever your domain is.
The --verbose
flag prints out the entire response so you can see the request and response headers.
The url I'm using above is a sample request to a Google API that supports CORS, but you can substitute in whatever url you are testing.
The response should include the Access-Control-Allow-Origin
header.
Sending a preflight request using cUrl:
curl -H "Origin: http://example.com" \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: X-Requested-With" \
-X OPTIONS --verbose \
https://www.googleapis.com/discovery/v1/apis?fields=
This looks similar to the regular CORS request with a few additions:
The -H
flags send additional preflight request headers to the server
The -X OPTIONS
flag indicates that this is an HTTP OPTIONS request.
If the preflight request is successful, the response should include the Access-Control-Allow-Origin
, Access-Control-Allow-Methods
, and Access-Control-Allow-Headers
response headers. If the preflight request was not successful, these headers shouldn't appear, or the HTTP response won't be 200.
You can also specify additional headers, such as User-Agent
, by using the -H
flag.
这篇关于如何使用cURL调试CORS请求?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!