邮递员解决“无效的 CORS 请求"对于 POST 请求 [英] Postman Resolving "Invalid CORS request" for a POST Request
问题描述
我刚刚开始使用 Postman 来测试我正在集成的 API.
我有以下错误不断出现
<块引用>无效的 CORS 请求
注意以下几点:
- API 使用不记名令牌身份验证 (OAuth2).我有这个工作没有问题.
- 我确实成功获取了不记名令牌,将其分配给环境变量,然后尝试将其用于 RESTful 操作.
- 问题出在使用令牌的后续 RESTful 操作中.
- 当我使用旧令牌(通过 POST 操作)时,它理所当然地告诉我它已过期且未授权.
- 当我生成一个新的并尝试运行 restful 调用时,它给了我
Invalid CORS request
错误. - 使用 cURL,我没有问题.但是邮递员让我很沮丧.
到目前为止我发现了什么:
- 解决方案
这是您再次找到的答案:
<块引用>以防万一其他人有同样的问题,这里是如何解决它.在 Chrome 浏览器中转到 https://www.getpostman.com/docs/capture.单击拦截器扩展,然后选择添加到 chrome.添加后,浏览器和邮递员的右上角都会出现一个看起来像红绿灯的新图标.在邮递员中单击此按钮,它会变为绿色.
... 粗体翻译:
<块引用>然后向您的请求添加标头.标头 Key 应该是Origin",标头 Value 应该是您服务器的完整 URL(不要忘记
http://
或https://
).请注意,如果没有 Interceptor 插件,Chrome/Postman 将不允许您添加带有 Key of Origin 的 Header.
另请注意,至少在我的系统上,拦截器图标不再像交通灯.
I've just started using Postman to test an API I am integrating to.
I have the following error that keeps showing up
Invalid CORS request
Note the following:
- The API uses Bearer token authentication(OAuth2). I have this working without a problem.
- I do get the bearer token successfully, assign it to an Environment variable and then attempt to use it for the RESTful operations.
- The problem is in the subsequent RESTful operation that uses the token.
- When I use an old token (through a POST operation), it rightfully tells me that it is expired and not authorized.
- When I then generate a new one and try to run the restful call, it gives me that
Invalid CORS request
error. - Using cURL, I have no issues. But I am frustrated by Postman.
What I have found so far:
- Using postman with Http POST requests - I don't get the part in bold
Just in case anybody else has this same problem, here is how to solve it. Go to https://www.getpostman.com/docs/capture in your chrome browser. Click on interceptor extension and then choose add to chrome. Once it is added there is a new icon top right of both the browser and postman that looks like a traffic light. In postman click this and it turns green. Then add a header to every request going to third light. Every header consists of the header name and a value. Start typing over the header name and a list of allowed http headers comes up. Choose "Origin". In the cell for value simply type the full URL of your server. (Do not forget the 'http://' or 'https://').
- What is the expected response to an invalid CORS request? - Best explanation I have seen so far on CORS errors.
The other material speaks about
Access-Control-Allow-Method header
,preflight requests
... and there is an illustrative Apache Tomcat flowchart of the CORS flow.
解决方案Here's the answer you found again:
Just in case anybody else has this same problem, here is how to solve it. Go to https://www.getpostman.com/docs/capture in your chrome browser. Click on interceptor extension and then choose add to chrome. Once it is added there is a new icon top right of both the browser and postman that looks like a traffic light. In postman click this and it turns green.
... With the bit in bold translated:
Then add a header to your request. The header Key should be "Origin" and the header Value should be the full URL of your server (Do not forget the
http://
orhttps://
).Note that Chrome/Postman won't allow you to add a Header with a Key of Origin without the Interceptor plugin.
Also note that at least on my system the Interceptor icon no longer looks like a traffic light.
这篇关于邮递员解决“无效的 CORS 请求"对于 POST 请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!