使用 POSTMAN 时不会出现 CORS 问题 [英] CORS issue doesn't occur when using POSTMAN
问题描述
我使用 POSTMAN 已经有一段时间了,用于为 RESTful Web 服务发送 HTTP 请求,如 GET、POST、PUT.最近遇到一个情况,通过浏览器向我的 REST API 发送请求时,我收到一条消息
I have been using POSTMAN for sometime now for sending HTTP requests like GET, POST, PUT for RESTful Webservices. Recently came across a situation, when sending a request to my REST API through browser, I got a message that
请求的资源上不存在访问控制允许源头.
No Access Control Allow Origin Header is present on the Requested resource.
解决方案当然是向 API 添加这样的标头.然而奇怪的是,当我通过 POSTMAN 发送相同的请求时,我能够得到响应.
The solution was ofcourse to add such an header to the API. However strangely, When I sent the the same request through POSTMAN I was able to get back the response.
所以我想知道通过 POSTMAN 发送请求与通过浏览器发送请求有何不同.
So I want to know how is sending a request through POSTMAN different from sending a request through browser.
我解决了这个问题:CORS with POSTMAN,但它确实没有提供答案详细.
I went through this question: CORS with POSTMAN, but it really doesn't provide an answer in detail.
推荐答案
来自 Cross-Origin XMLHttpRequest 中Chrome 开发扩展文档:
From Cross-Origin XMLHttpRequest in Chrome Develop Extensions documentation:
常规网页可以使用 XMLHttpRequest 对象从远程发送和接收数据服务器,但它们受同源政策的限制.扩展没有那么有限.扩展程序可以与其源站之外的远程服务器通信,只要它首先请求跨源权限即可.
Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy. Extensions aren't so limited. An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.
基本上,浏览器扩展程序比网页内容拥有更多权限.对于 Chrome 扩展程序,可以选择启用跨域访问.
Basically browser extensions have more privileges than web content. In the case of Chrome extensions, there is an option to enable cross-origin access.
这篇关于使用 POSTMAN 时不会出现 CORS 问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
