请求标头字段 Access-Control-Allow-Headers 本身在预检响应中是不允许的 [英] Request header field Access-Control-Allow-Headers is not allowed by itself in preflight response
问题描述
我多次遇到 CORS 问题并且通常可以修复它,但我想通过从 MEAN 堆栈范例中看到这一点来真正理解.
I have come across CORS issues multiple times and can usually fix it but I want to really understand by seeing this from a MEAN stack paradigm.
在我只是在我的快速服务器中添加中间件来捕获这些东西之前,但看起来有某种预钩子会错误地输出我的请求.
Before I simply added middleware in my express server to catch these things, but it looks like there is some kind of pre-hook that is erroring out my requests.
预检响应中的 Access-Control-Allow-Headers 不允许请求标头字段 Access-Control-Allow-Headers
Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response
我认为我可以做到这一点:
I assumed that I could do this:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Headers","*")
})
或等效的,但这似乎并不能解决它.我当然也试过
or the equivalent but this doesn't seem to fix it. I also of course tried
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Headers","Access-Control-Allow-Headers")
})
还是没有运气.
推荐答案
当您开始使用自定义请求标头时,您将获得 CORS 预检.这是一个使用 HTTP OPTIONS 动词并包含多个标头的请求,其中一个是 Access-Control-Request-Headers 列出客户端想要包含在请求.
When you start playing around with custom request headers you will get a CORS preflight. This is a request that uses the HTTP OPTIONS verb and includes several headers, one of which being Access-Control-Request-Headers listing the headers the client wants to include in the request.
您需要使用适当的 CORS 标头回复该 CORS 预检以使其正常工作.其中之一确实是 Access-Control-Allow-Headers.该标头需要包含与 Access-Control-Request-Headers 标头包含(或更多)相同的值.
You need to reply to that CORS preflight with the appropriate CORS headers to make this work. One of which is indeed Access-Control-Allow-Headers. That header needs to contain the same values the Access-Control-Request-Headers header contained (or more).
https://fetch.spec.whatwg.org/#http-cors-protocol更详细地解释此设置.
这篇关于请求标头字段 Access-Control-Allow-Headers 本身在预检响应中是不允许的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
