根据要求,CORS无法通过OPTIONS进行响应(状态为0) [英] CORS fails on request with OPTIONS (Response with status: 0)
问题描述
更新:由于我获得了一些新信息,因此重写了该问题。历史记录在编辑中可见。
问题介绍
我有一个 api.nrzonline.nl
上运行的> django-rest-framework 应用程序。前端 ng2 + webpack
应用程序在域本身 nrzonline.nl
上运行。当向API发送带有 ng2-restangular
的请求时,我在控制台中收到以下错误:
Issue introduction
I have a django-rest-framework
application running on a subdomain api.nrzonline.nl
. The frontend ng2 + webpack
application is running on the domain itself nrzonline.nl
. When sending a request with ng2-restangular
to the API, I receive the following errors in my console:
zone.js OPTIONS http://api.nrzonline.com/project/ net::ERR_EMPTY_RESPONSE
EXCEPTION: Response with status: 0 for URL: null
当前问题
经过大量的卷发测试后,我发现发送带有 OPTIONS
的预检请求时,请求将失败。
The current issue
After quite some testing with curls, I found that all the requests fail when the preflight request with OPTIONS
is send.
带有 -X的请求GET
正常工作:
curl 'api.nrzonline.nl/skill/' -X GET
[{"id":1,"category":{"id":1,"title":"skill-a",...}]
(预检)请求
带有 -X选项的
失败,没有响应
curl 'api.nrzonline.nl/skill/' -X OPTIONS
curl: (52) Empty reply from server
在Django开发工具的API上执行此 -x选项
请求
Performing this -x OPTIONS
request on the API on the Django development server locally works without any issue's.
服务器设置
-
CORS_ORIGIN_ALLOW_ALL = True
-
CORS_ALLOW_METHODS
默认为允许OPTIONS
-
CORS_ALLOW_HEADERS
默认为
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_METHODS
is on default, which allowsOPTIONS
CORS_ALLOW_HEADERS
is on default
中间件:
MIDDLEWARE = [
...
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
...
]
我尝试过的事情
- 我已阅读到服务器可能需要HTTPS请求,但是当前没有激活的SSL证书。 (源)不过,我的确尝试使用
curl
c $ c>-不安全(源) - 使用
text / plain
而不是-H的
(来源(对答案的评论))application / json
发送请求内容类型:文本/纯文本
- I have read that it is possible that the server requires HTTPS request, but currently there is no SSL certificate active. (source) Though, I did try to
curl
with--insecure
(source) - Sending the request as
text/plain
instead ofapplication/json
with-H "Content-Type: text/plain"
(source (comment on answer))
问题
我在想什么/做错了什么,所以与 -X选项
失败。欢迎提供任何提示,解释或对可能解决方案的引用。
The question
What am I missing / doing wrong, so that the preflight with -X OPTIONS
is failing. Any tips, explanations or references to a possible solution are welcome.
推荐答案
解答积分归我的兄弟,托管人我的网站
问题是 DirectAdmin 相关。默认情况下,DirectAdmin仅允许 GET
, POST
和 HEAD
。
The issue was DirectAdmin related. By default DirectAdmin only allows GET
, POST
and HEAD
.
这些设置位于 include /etc/nginx/webapps.conf;
中,为:
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
添加 OPTIONS
应该解决问题。删除或注释掉代码块以允许任何请求方法。
Adding OPTIONS
should fix the problem. Remove or comment out the code block to allow any request method.
但是,修改 /etc/nginx/webapps.conf
可能会导致DirectAdmin在新的HTTPD更新期间覆盖此文件。文件< path_to_directadmin> / custombuild / costum / nginx / conf
用于生成 conf
文件。在此处进行修改应该可以避免丢失调整。
However, modifying /etc/nginx/webapps.conf
might cause DirectAdmin to override this file during a new HTTPD update. The file <path_to_directadmin>/custombuild/costum/nginx/conf
is used to generate a conf
file. Making your modifications here should prevent loss of your adjustments.
这篇关于根据要求,CORS无法通过OPTIONS进行响应(状态为0)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!