如何在CORS中解决'预检无效（重定向）' [英] How to resolve 'preflight is invalid (redirect)' in CORS

问题描述

我已按照此步骤设置我的服务器以启用CORS。
https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api

I have followed this step to setup my server to enable CORS. https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api

但现在在我的浏览器开发控制台中，我看到以下错误消息：

But now in my browser dev console, I see this error message:

XMLHttpRequest无法加载 https：// serveraddress / abc 。
预检的响应无效（重定向）

XMLHttpRequest cannot load https://serveraddress/abc. Response for preflight is invalid (redirect)

您知道我该怎么做才能修复它？我在HTTPS中发出CORS请求。我认为这导致'预检无效（重定向）'失败。但我不知道为什么或什么是重定向OPTIONS请求。

Do you know what can I do to fix it? I am making a CORS request in HTTPS. I think that is causing the 'preflight is invalid (redirect)' failure. But I don't know why or what is redirecting the OPTIONS request.

谢谢。

推荐答案

您的代码导致您的浏览器发送执行重定向的CORS预检OPTIONS请求。

Your code’s causing your browser to send a CORS preflight OPTIONS request that does a redirect.

在这种情况下，浏览器当前拒绝遵循重定向，因为CORS规范以前需要浏览器才能执行此操作。限制实际上不再符合规范，但浏览器需要更新其实现以匹配规范更改。

Browsers currently refuse to follow the redirect in that case, because the CORS spec previously required browser to do that. The restriction is actually no longer in the spec, but browsers need to update their implementations to match the spec change.

您可以调整代码以避免触发浏览器发送OPTIONS请求。

You may be able to adjust your code to avoid triggering the browser to send the OPTIONS request.

就这种情况而言，首先要注意的是，浏览器在以下情况下进行CORS预检：

As far as what all is going on for this case, the first thing to note is, browsers do a CORS preflight if:

• 请求方法不是GET，HEAD或POST


• 您已设置自定义请求标头除接受，接受语言，内容语言 ， Content-Type ， DPR ， Downlink ，保存数据，视口宽度或宽度


• Content-Type 请求标头的值不是 application / x-www-form-urlencoded ， multipart / form-data 或 text / plain

• the request method is anything than GET, HEAD, or POST
• you’ve set custom request headers other than Accept, Accept-Language, Content-Language, Content-Type, DPR, Downlink, Save-Data, Viewport-Width, or Width
• the Content-Type request header has a value other than application/x-www-form-urlencoded, multipart/form-data, or text/plain

如果你不能改变代码以避免n eed让浏览器进行预检，然后另一个选项是：

If you can’t change your code to avoid need for browsers to do a preflight, then another option is:

1. 检查响应并查看服务器在OPTIONS后重定向到的URL 。


2. 更改您的代码以直接向其他网址发出请求。

参见使用预检和重定向的CORS请求：不允许的答案。解决方法？有关可能的解决方法的详细信息。

See the answer at CORS request with Preflight and redirect: disallowed. Workarounds? for details on possible workaround.

同样如此，对于不遵循CORS预检重定向的浏览器的限制不再符合规范，但是浏览器需要更新其实现以匹配规范更改。

Also as noted there, the restriction on browsers not following redirects for CORS preflights is no longer in the spec, but browsers need to update their implementations to match the spec change.

这篇关于如何在CORS中解决'预检无效（重定向）'的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！