在Angular 2中使用基本身份验证进行预检CORS请求 [英] Preflight CORS requests with Basic Authentication in Angular 2
问题描述
我正在构建一个Angular 2应用,该应用需要发送带有基本身份验证的CORS(跨域资源共享)POST请求(
I am building an Angular 2 app that needs to send a CORS (Cross-origin resource sharing) POST request with Basic Authentication (https://en.wikipedia.org/wiki/Basic_access_authentication) to the server.
我很好地为POST请求本身设置了Authorization标头,但由于它是CORS,因此浏览器首先会自动发送预检OPTIONS请求. 不幸的是,服务器配置错误(为什么已通过身份验证的CORS请求的预检OPTIONS请求在Chrome中有效,但在Firefox中不起作用?),并且在预检中也需要基本身份验证.这是第三方服务器,我无法更改.
I am nicely setting the Authorization header for the POST request itself but as it is CORS, the browser first automatically sends the preflight OPTIONS request. Unfortunately the server is misconfigured (Why does the preflight OPTIONS request of an authenticated CORS request work in Chrome but not Firefox?) and requires the Basic Auth also in the preflight. It is a 3rd party server, I can't change it.
是否有办法克服它(例如,在预检前添加Authorizion标头,禁用预检,...)?
Is there a way to overcome it (e.g. add the Authorizion header to preflights, disable preflights, ...)?
推荐答案
浏览器发出预检请求仅是为了检查是否设置了CORS标头.如果没有获得所需的标题,那么您将无能为力.只是不会发出实际的POST请求.
The preflight request is made by the browser only to check if the CORS headers are set. If it doesn't get the required headers, there is nothing you can do. It will just not make the actual POST request.
您实际上可以做的是从您控制的服务器发出请求.为您的客户端提供一个API,以调用您的服务器,然后调用配置错误的服务器,并将响应转发给您的浏览器客户端.
What you actually can do, is to make the request from a server you control. Provide an API for your client to call your server and then make the call to the misconfigured server and forward the response to your browser client.
这篇关于在Angular 2中使用基本身份验证进行预检CORS请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
