jQuery CORS将GET转换为OPTIONS调用 [英] jQuery CORS turns GET into OPTIONS call
问题描述
这是我使用的示例代码
$.ajax({
type: "get",
url: "http://myserver.com",
beforeSend: function (xhr, data) {
xhr.setRequestHeader("Authorization", "xxxx");
}
});
当我检查这个调用在firebug我看到OPTIONS和我看不到授权代码请求标题。
CORS标题已添加到服务器端。
when I inspect this call in firebug I see OPTIONS and also I can't see Authorization code in request header. CORS headers has been added to server side.
response.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, x-requested-with");
response.addHeader("Access-Control-Max-Age", "60");
response.addHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Credentials", "true");
如果可以执行这样的查询,建议使用纯jQuery。
Idea is to use pure jQuery if it's possible to perform such a queries.
推荐答案
由于您正在发送跨源Ajax请求并指定具有此GET请求的授权头,因此预检(OPTIONS)正在发生。
The preflight (OPTIONS) is occurring due to the fact that you are sending a cross-origin ajax request AND specifying an Authorization header with this GET request.
此外(这不是一个问题)我建议删除 contentType
选项。这在GET请求的上下文中没有意义。 GET请求不应包含任何内容。所有数据都应包含在查询字符串中,或者可能包含标题。
Also (this is not causing an issue) I would suggest removing the contentType
option. This doesn't make sense in the context of a GET request. A GET request should not have any content. All data should be included in the query string or, possibly, headers.
授权标题不会与OPTIONS一起发送。您必须在服务器端确认,然后浏览器将发送基础GET。有关CORS的详情,请访问 https://developer.mozilla.org/en-US/ docs / HTTP / Access_control_CORS 。
The Authorization header will not be sent with the OPTIONS. You must acknowledge it server-side, and then the browser will send the underlying GET. Read more about CORS at https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS.
这篇关于jQuery CORS将GET转换为OPTIONS调用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!