如何使用cURL调试CORS请求？ [英] How can you debug a CORS request with cURL?

问题描述

如何使用cURL调试CORS请求？到目前为止，我找不到任何方式来模拟预检请求。

解决方案

curl。

使用cUrl发送常规CORS请求：

  curl -HOrigin：http://example.com--verbose \ 
 https://www.googleapis.com/discovery/v1/apis?fields= 
  

-H原产地：http://example.com flag是发出请求的第三方域。

- verbose 标志会列出整个回应，请求和响应标头。

我在上面使用的网址是向支持CORS的Google API发送的示例请求，但您可以替换任何要测试的网址。

响应应包含 Access-Control-Allow-Origin 标头。

使用cUrl发送预检请求：

  curl -H ：http://example.com\ 
 -HAccess-Control-Request-Method：POST\ 
 -H访问控制请求标头：X请求\ 
 -X OPTIONS --verbose \ 
 https://www.googleapis.com/discovery/v1/apis?fields= 
  

这看起来与常规CORS请求类似，只是添加了一些：

-H 标志向服务器发送其他预检请求头

-X OPTIONS 标志表示这是一个HTTP OPTIONS请求。

如果预检请求成功，响应应包括 Access-Control-Allow-原始，访问控制允许方法和访问控制允许标题响应头。如果预检请求不成功，则不应显示这些头，否则HTTP响应不会为200.

您还可以指定其他头，例如 -H 标志。 code> code> User-Agent

How can you debug CORS requests using cURL? So far I couldn't find any way to "simulate" the preflight request .

解决方案

Here's how you can debug CORS requests using curl.

Sending a regular CORS request using cUrl:

curl -H "Origin: http://example.com" --verbose \
  https://www.googleapis.com/discovery/v1/apis?fields=

The -H "Origin: http://example.com" flag is the third party domain making the request. Substitute in whatever your domain is.

The --verbose flag prints out the entire response so you can see the request and response headers.

The url I'm using above is a sample request to a Google API that supports CORS, but you can substitute in whatever url you are testing.

The response should include the Access-Control-Allow-Origin header.

Sending a preflight request using cUrl:

curl -H "Origin: http://example.com" \
  -H "Access-Control-Request-Method: POST" \
  -H "Access-Control-Request-Headers: X-Requested-With" \
  -X OPTIONS --verbose \
  https://www.googleapis.com/discovery/v1/apis?fields=

This looks similar to the regular CORS request with a few additions:

The -H flags send additional preflight request headers to the server

The -X OPTIONS flag indicates that this is an HTTP OPTIONS request.

If the preflight request is successful, the response should include the Access-Control-Allow-Origin, Access-Control-Allow-Methods, and Access-Control-Allow-Headers response headers. If the preflight request was not successful, these headers shouldn't appear, or the HTTP response won't be 200.

You can also specify additional headers, such as User-Agent, by using the -H flag.

这篇关于如何使用cURL调试CORS请求？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！