AngularJS对跨源资源执行OPTIONS HTTP请求 [英] AngularJS performs an OPTIONS HTTP request for a cross-origin resource

问题描述

我试图设置AngularJS与跨源资源通信，其中提供我的模板文件的资产主机是在不同的域，因此角度执行的XHR请求必须是跨域的。我已经添加了适当的CORS头到我的服务器的HTTP请求使这项工作，但它似乎不工作。问题是，当我在浏览器（chrome）中检查HTTP请求时，发送到资产文件的请求是一个OPTIONS请求（它应该是一个GET请求）。

I'm trying to setup AngularJS to communicate with a cross-origin resource where the asset host which delivers my template files is on a different domain and therefore the XHR request that angular performs must be cross-domain. I've added the appropriate CORS header to my server for the HTTP request to make this work, but it doesn't seem to work. The problem is that when I inspect the HTTP requests in my browser (chrome) the request sent to the asset file is an OPTIONS request (it should be a GET request).

我不知道这是否是AngularJS中的错误，或者如果我需要配置的东西。从我的理解，XHR包装器不能做一个OPTIONS HTTP请求，所以它看起来像浏览器试图找出是否允许下载资源首先执行GET请求。如果是这种情况，那么我需要设置CORS标题（Access-Control-Allow-Origin： http://asset.host ）。 ..）与资产主机一样吗？

I'm not sure whether this is a bug in AngularJS or if I need to configure something. From what I understand the XHR wrapper can't make an OPTIONS HTTP request so it looks like the browser is trying to figure out if is "allowed" to download the asset first before it performs the GET request. If this is the case, then do I need to set the CORS header (Access-Control-Allow-Origin: http://asset.host...) with the asset host as well?

推荐答案

OPTIONS请求不是一个AngularJS错误，原始资源共享标准强制浏览器表现。请参阅本文档： https://developer.mozilla.org/en-US/docs / HTTP_access_control ，其中概述部分中显示：

OPTIONS request are by no means an AngularJS bug, this is how Cross-Origin Resource Sharing standard mandates browsers to behave. Please refer to this document: https://developer.mozilla.org/en-US/docs/HTTP_access_control, where in the "Overview" section it says:

跨源资源共享标准通过添加新的HTTP
标头，允许服务器描述
允许使用Web浏览器读取该信息的一组起源。另外，
用于可能对用户数据产生副作用的HTTP请求方法（在
中;对于除GET之外的HTTP方法，或对于使用
的某些MIME类型的POST使用）。该规范要求浏览器
预检请求，通过HTTP OPTIONS请求头从服务器
请求支持的方法，然后在从
批准服务器时，发送实际请求与实际HTTP请求
方法。服务器还可以通知客户端是否应该与
请求一起发送凭据
（包括Cookie和HTTP身份验证数据）。

The Cross-Origin Resource Sharing standard works by adding new HTTP headers that allow servers to describe the set of origins that are permitted to read that information using a web browser. Additionally, for HTTP request methods that can cause side-effects on user data (in particular; for HTTP methods other than GET, or for POST usage with certain MIME types). The specification mandates that browsers "preflight" the request, soliciting supported methods from the server with an HTTP OPTIONS request header, and then, upon "approval" from the server, sending the actual request with the actual HTTP request method. Servers can also notify clients whether "credentials" (including Cookies and HTTP Authentication data) should be sent with requests.

$ b b

很难提供一个适用于所有WWW服务器的通用解决方案，因为设置将根据您打算支持的服务器本身和HTTP动词而有所不同。我们鼓励您阅读这篇精彩的文章（ http://www.html5rocks.com/en / tutorials / cors / ），其中包含有关服务器需要发送的确切标题的详细信息。

It is very hard to provide a generic solution that would work for all the WWW servers as setup will vary depending on the server itself and HTTP verbs that you intend to support. I would encourage you to get over this excellent article (http://www.html5rocks.com/en/tutorials/cors/) that has much more details on the exact headers that needs to be sent by a server.

这篇关于AngularJS对跨源资源执行OPTIONS HTTP请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！