如何跳过 OPTIONS 预检请求? [英] How to skip the OPTIONS preflight request?

问题描述

我开发了一个 PhoneGap 应用，现在它正在转变为移动网站.除了一个小故障外，一切正常.我通过 POST 请求使用某个第三方 API，该 API 在应用中运行良好，但在移动网站版本中失败.

I had developed a PhoneGap app which is now being transformed to a mobile website. Everything works smoothly besides one small glitch. I use a certain third party API via a POST request, which works fine in the app, but fails in the mobile website version.

仔细观察后，似乎 AngularJS(我猜实际上是浏览器)首先发送了一个 OPTIONS 请求.今天我学到了很多关于 CORS 的知识，但我似乎无法弄清楚如何完全禁用它.我无权访问该 API(因此不可能在该端进行更改)，但他们已将我正在处理的域添加到他们的 Access-Control-Allow-Origin 标头中.

After a closer look it seems like AngularJS (I guess the browser actually) is first sending an OPTIONS request. I learned a lot today about CORS, but I can't seem to figure out how to disable it altogether. I do not have access to that API (so changes at that side are impossible), but they have added the domain I am working on to their Access-Control-Allow-Origin header.

这是我正在谈论的代码:

This is the code I am talking about:

        var request = {
                language: 'fr',
                barcodes: [
                    {
                        barcode: 'somebarcode',
                        description: 'Description goes here'
                    }
                ]
            };
        }
        var config = {
            headers: { 
                'Cache-Control': 'no-cache',
                'Content-Type': 'application/json'
            }
        };
        $http.post('http://somedomain.be/trackinginfo', request, config).success(function(data, status) {
            callback(undefined, data);
        }).error(function(data, status) {
            var err = new Error('Error message');
            err.status = status;
            callback(err);
        });

如何阻止浏览器(或 AngularJS)发送该 OPTIONS 请求并直接跳到实际的 POST 请求?我使用的是 AngularJS 1.2.0.

How can I prevent the browser (or AngularJS) from sending that OPTIONS request and just skip to the actual POST request? I am using AngularJS 1.2.0.

提前致谢.

推荐答案

预检是由您的 application/json 的 Content-Type 触发的.防止这种情况的最简单方法是在您的情况下将 Content-Type 设置为 text/plain.application/x-www-form-urlencoded &multipart/form-data 内容类型也是可以接受的，但你当然需要适当地格式化你的请求负载.

The preflight is being triggered by your Content-Type of application/json. The simplest way to prevent this is to set the Content-Type to be text/plain in your case. application/x-www-form-urlencoded & multipart/form-data Content-Types are also acceptable, but you'll of course need to format your request payload appropriately.

如果您在进行此更改后仍然看到预检，那么 Angular 可能也会向请求添加 X-header.

If you are still seeing a preflight after making this change, then Angular may be adding an X-header to the request as well.

或者您可能有会触发它的标头(授权、缓存控制...)，请参阅:

Or you might have headers (Authorization, Cache-Control...) that will trigger it, see:

• https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS#Preflighted_requests

这篇关于如何跳过 OPTIONS 预检请求?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！