请求头字段 Access-Control-Allow-Headers 在预检响应中不被允许 [英] Request header field Access-Control-Allow-Headers is not allowed by itself in preflight response
问题描述
我多次遇到 CORS 问题,通常可以修复它,但我想通过从 MEAN 堆栈范例中看到这一点来真正理解.
I have come across CORS issues multiple times and can usually fix it but I want to really understand by seeing this from a MEAN stack paradigm.
在我简单地在我的 express 服务器中添加中间件来捕获这些东西之前,但看起来有某种预挂钩错误地处理了我的请求.
Before I simply added middleware in my express server to catch these things, but it looks like there is some kind of pre-hook that is erroring out my requests.
预检响应中的 Access-Control-Allow-Headers 不允许请求头字段 Access-Control-Allow-Headers
Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response
我认为我可以做到这一点:
I assumed that I could do this:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Headers","*")
})
或等价物,但这似乎无法解决问题.我当然也试过了
or the equivalent but this doesn't seem to fix it. I also of course tried
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Headers","Access-Control-Allow-Headers")
})
仍然没有运气.
推荐答案
当您开始使用自定义请求标头时,您将获得 CORS 预检.这是一个使用 HTTP OPTIONS
动词的请求,并包含多个标头,其中之一是 Access-Control-Request-Headers
列出客户端想要包含在请求.
When you start playing around with custom request headers you will get a CORS preflight. This is a request that uses the HTTP OPTIONS
verb and includes several headers, one of which being Access-Control-Request-Headers
listing the headers the client wants to include in the request.
您需要使用适当的 CORS 标头回复该 CORS 预检才能完成此工作.其中之一确实是Access-Control-Allow-Headers
.该标头需要包含与 Access-Control-Request-Headers
标头包含的相同的值(或更多).
You need to reply to that CORS preflight with the appropriate CORS headers to make this work. One of which is indeed Access-Control-Allow-Headers
. That header needs to contain the same values the Access-Control-Request-Headers
header contained (or more).
https://fetch.spec.whatwg.org/#http-cors-protocol更详细地解释了此设置.
https://fetch.spec.whatwg.org/#http-cors-protocol explains this setup in more detail.
这篇关于请求头字段 Access-Control-Allow-Headers 在预检响应中不被允许的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!