CORS 预检请求未通过访问控制检查:它没有 HTTP ok 状态 [英] CORS preflight request doesn't pass access control check: It does not have HTTP ok status

问题描述

我正在尝试使用授权标头向我的 Wordpress REST API 发出 GET/POST 请求，但作为回应，我得到了

I am trying to make a GET/POST Request to my Wordpress REST API using Authorization Headers but in response i am getting

预检请求未通过访问控制检查:它没有 HTTP ok 状态.

preflight request doesn't pass access control check: It does not have HTTP ok status.

我正在将 JWT 身份验证用于 WP-API 进行身份验证，并尝试了几乎所有在互联网上找到的可能选项，但没有成功.

I am using JWT Authentication for WP-API for Authentication and tried almost every possible option found on the internet but no luck.

看看我当前的 .htaccess 配置

Have a look at my current .htaccess configurations

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]

</IfModule>

<IfModule mod_headers.c>
  Header always set X-Content-Type-Options "nosniff"
  <IfModule mod_setenvif.c>
    SetEnvIf Origin "^(http://localhost:3000)$" CORS=$0
  </IfModule>
  Header set Access-Control-Allow-Origin %{CORS}e env=CORS
  Header set Access-Control-Allow-Credentials "true" env=CORS
  Header set Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD" env=CORS
  Header set Access-Control-Allow-Headers "*" env=CORS
  Header set Access-Control-Expose-Headers "*" env=CORS
  <FilesMatch "\.(php|html)$">
  </FilesMatch>
</IfModule>

从 axios 发出请求时出现此错误

I am getting this error when the request is made from axios

从源 'http://localhost:3000' 访问位于 'HIDDEN_SERVER_ADDRESS' 的 XMLHttpRequest 已被 CORS 政策阻止:对预检请求的响应未通过访问控制检查:它没有 HTTP ok 状态.

Access to XMLHttpRequest at 'HIDDEN_SERVER_ADDRESS' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

在 PostMan 中，调用工作正常并给出了预期的结果.

In PostMan the calls are working fine and giving desired results.

推荐答案

在 .htaccess 中尝试所有可能的解决方案对我的情况没有帮助.因此，如果其他人在同一页面上，这里有一个对我有用的解决方案.

Trying every possible solution in .htaccess didn't help in my case. So if anyone else is on the same page here is a solution that worked for me.

将此代码放在 index.php 文件中，它会像魅力一样工作.

put this code in the index.php file and it will work like a charm.

header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Methods: HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method,Access-Control-Request-Headers, Authorization");
header('Content-Type: application/json');
$method = $_SERVER['REQUEST_METHOD'];
if ($method == "OPTIONS") {
header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method,Access-Control-Request-Headers, Authorization");
header("HTTP/1.1 200 OK");
die();
}

这篇关于CORS 预检请求未通过访问控制检查:它没有 HTTP ok 状态的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！