为什么CORS在不同的内容类型中给出不同的响应 [英] Why CORS gives different response at different content-types

问题描述

在没有请求内容类型的情况下调用第三方域的服务器时，我收到CORS错误而没有响应。但是当使用内容类型text / plain（这是响应的真实内容类型）进行调用时，我得到一个响应但是有一个CORS错误，所以我无法将其解析为dom。问题是为什么回应是第二次而不是第一次。两者仍然是CORS错误。如何从服务器获得响应后第二次解析错误？

When making a call to the server of the third party domain without a request content type, I get a CORS error and no response. But when making a call with a content type text/plain (which is the the true content-type of the response) then I get a response but with a CORS error so I am unable to parse that to the dom. The question is why is the response coming the second time and not the first time. Both are still a CORS error. How can I parse the error the second time since I am getting a response from the server?

   <!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <script>
        var xhr = new XMLHttpRequest();
        xhr.open('GET', 'http://www.w3schools.com/xml/ajax_info.txt', true);
        xhr.setRequestHeader('content-type', undefined);
        xhr.onload = function () {
            console.log('Test');
        };
        xhr.send(null);
        var contentXHR = new XMLHttpRequest();
        contentXHR.open('GET', 'http://www.w3schools.com/xml/ajax_info.txt', true);
        contentXHR.setRequestHeader('content-type', 'text/plain');
        contentXHR.onload = function () {
            console.log('Test request header');
        };
        contentXHR.send(null);
    </script>
  </head>
    <body>
            Check console and network tab
    </body>
</html>

推荐答案

当你穿上指定 Content-type ，XHR执行 CORS预检请求。请注意，您的请求是 OPTIONS ，而不是 GET 。这就是为什么你没有从网络选项卡得到任何回复。

When you don't specify Content-type, XHR executes a CORS preflight request. Note that your request is OPTIONS, and not GET. That's why you don't get any response from the network tab.

根据 CORS规范：

一个标题据说是一个简单标题如果标题字段名称是对于Accept，Accept-Language或
Content-Language的
ASCII不区分大小写的匹配，或者它是ASCII不区分大小写的匹配for
Content-Type和标题字段值媒体类型（不包括
参数）是
application / x-www-form-urlencoded，multipart / form-data的ASCII不区分大小写的匹配项，或text / plain。

A header is said to be a simple header if the header field name is an ASCII case-insensitive match for Accept, Accept-Language, or Content-Language or if it is an ASCII case-insensitive match for Content-Type and the header field value media type (excluding parameters) is an ASCII case-insensitive match for application/x-www-form-urlencoded, multipart/form-data, or text/plain.

（...）

如果资源作者稍微复杂一点希望能够使用除简单的
方法之外的方法来处理跨源请求的
。在这种情况下，作者需要回复使用OPTIONS方法的预检请求
，然后需要处理使用所需方法的实际
请求（在此示例中为DELETE）并给出
一个适当的回应。

It gets slightly more complicated if the resource author wants to be able to handle cross-origin requests using methods other than simple methods. In that case the author needs to reply to a preflight request that uses the OPTIONS method and then needs to handle the actual request that uses the desired method (DELETE in this example) and give an appropriate response.

总之，如果你的Content-Type不同于 application / x-www-form-urlencoded ， multipart / form-data ，或 text / plain ，XHR将触发预检（发送 OPTIONS http动词）。

So, in summary, if your Content-Type is different than application/x-www-form-urlencoded, multipart/form-data, or text/plain, XHR will trigger the preflight (send a OPTIONS http verb).

这篇关于为什么CORS在不同的内容类型中给出不同的响应的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！