使用自定义HTTP标头发送跨域请求时禁用预检OPTION请求 [英] Disable preflight OPTION request when sending a cross domain request with custom HTTP header

问题描述

我刚刚发现我的浏览器在尝试使用自定义http标头进行跨域ajax调用时发送了额外的OPTION请求。
我认为它被称为预检请求。

I've just found out that my browser was sending an extra "OPTION" request when trying to make a cross domain ajax call with a custom http header. I presume it is called "preflight request".

是否可以禁用此功能并发送初始请求？

Is it possible to disable this functionality and just send the initial request ?

这是我的javascript测试代码：

This is my javascript testing code :

$(document).ready(function() {
    $.ajax({
        url: "http://google.fr",
        crossDomain: true,
        headers: {
            "X-custom-parameter": true
        }
    });
});

感谢您的帮助！

推荐答案

不，绝对不可能绕过CORS预检请求。预检请求的存在是为了以安全的方式允许跨域请求。在上面的示例中，您尝试访问google.fr，但google.fr不支持CORS。 Google无法解决此问题，因为Google不支持其网页上的跨域请求。通常，如果您拥有服务器的所有权，那么您的选择是支持CORS，支持JSON-P等替代跨域攻击，或者使用服务器端代理。

No, it is definitely not possible to bypass the CORS preflight request. The preflight request exists to allow cross-domain requests in a safe manner. In your example above, you are trying to access google.fr, but google.fr doesn't support CORS. There is no way around this for Google, since Google doesn't support cross-domain requests on its web page. In general, if you have ownership of the server, your options are to support CORS, support alternative cross-domain hacks like JSON-P, or use a server-side proxy.

这篇关于使用自定义HTTP标头发送跨域请求时禁用预检OPTION请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！