如何识别CORS预检请求？ [英] How can I identify a CORS preflight request?

问题描述

CORS预检请求显然使用OPTIONS方法，并具有Origin标头。但是，浏览器可以决定任何 HTTP请求以添加Origin标头。此外，OPTIONS可以用于除CORS之外的其他功能。 （如何）我可以确定是否一个请求是CORS预检请求的完全（没有假阳性或否定）？

A CORS preflight request obviously uses the OPTIONS method and has an Origin header. However, a browser can decide for any HTTP request to add an Origin header. Also, OPTIONS may be used for other functionality than CORS. (How) Can I identify exactly (without false positives or negatives) whether a request is a CORS preflight request?

推荐答案

检查访问控制 - 请求方法头。在预检请求以外的请求中发送它是没有意义的。

Check for the Access-Control-Request-Method header. It would not make much sense to send it in a request other than the preflight request.

这篇关于如何识别CORS预检请求？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！