How do CORS and Access-Control-Allow-Headers work?

Question

I'm trying to make a CORS POST request from domain.com to a.domain.com.

My JavaScript looks like this:

$('#fileupload').fileupload({
  xhrFields: {
    withCredentials: true
  },
  dataType: 'json',
  url: $('#fileupload').data('path'),
  singleFileUploads: true,
  add: function(e, data){
    data.submit();
  }
});

At first I see the OPTIONS route being called like so:

Request URL: https://a.domain.com/some/route
Request Method:OPTIONS
Status Code:200 OK

OPTIONS request:

Access-Control-Request-Headers:origin, content-type, accept
Access-Control-Request-Method:POST
Host:a.domain.com
Origin:http://domain.com:3000
Referer:http://domain.com:3000/home

OPTIONS response:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Methods:POST
Access-Control-Allow-Origin:http://domain.com:3000
Connection:keep-alive
Content-Length:0
Content-Type:text/html;charset=utf-8

That request comes back with a 200 like stated. On my server, I have the same route with POST method and this is what I get in return after the OPTIONS

Request URL:https://a.domain.com/some/route

POST request:

Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryjwr5Pk7WBcfzMdbO
Origin:http://domain.com:3000
Referer:http://domain.com:3000/home

The POST request gets cancelled/fails.

My question is, do I need to have the access-control-allow-origin on the POST controller as well?

I have a cookie for authorization that has domain .domain.com. That cookie got sent across once in a request and it's not being sent now. Any idea why that would happen?

Recommended answer

Yes, you need to have the header Access-Control-Allow-Origin: http://domain.com:3000 or Access-Control-Allow-Origin: * on both the OPTIONS response and the POST response. You should include the header Access-Control-Allow-Credentials: true on the POST response as well.

Your OPTIONS response should also include the header Access-Control-Allow-Headers: origin, content-type, accept to match the requested header.
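
An added example (not part of the original answer or the asker's server code): a framework-independent JavaScript function that computes the CORS headers for both the preflight and the actual POST, using the origin and header names from the capture in the question. The function name, the allowlist constants and the lower-case header keys are assumptions; because the upload sets withCredentials: true, it echoes the allowlisted origin, since browsers do not accept a wildcard Access-Control-Allow-Origin on credentialed requests.

```javascript
// Added example: names and the allowlist are assumptions, not the asker's server code.
const ALLOWED_ORIGINS = new Set(['http://domain.com:3000']);
const ALLOWED_METHODS = ['POST'];
const ALLOWED_HEADERS = ['origin', 'content-type', 'accept'];

// Split a comma-separated header value into lower-cased tokens.
const tokens = (value) =>
  (value || '').split(',').map((t) => t.trim().toLowerCase()).filter(Boolean);

// reqHeaders uses lower-case keys (as Node's req.headers does).
// Returns the CORS headers to attach, or null when none should be sent.
function corsHeaders(method, reqHeaders) {
  const origin = reqHeaders['origin'];
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return null;

  // Sent on the preflight AND on the actual response. With credentials the
  // browser requires the exact origin here; it rejects "*".
  const headers = {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // the response differs per origin, so caches must key on it
  };

  const wantedMethod = reqHeaders['access-control-request-method'];
  if (method === 'OPTIONS' && wantedMethod) {
    // Preflight: refuse unless the method and every requested header are allowed.
    const wantedHeaders = tokens(reqHeaders['access-control-request-headers']);
    if (!ALLOWED_METHODS.includes(wantedMethod)) return null;
    if (!wantedHeaders.every((h) => ALLOWED_HEADERS.includes(h))) return null;
    headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
    headers['Access-Control-Allow-Headers'] = ALLOWED_HEADERS.join(', ');
  }
  return headers;
}

// Requests from the question's capture, keys lower-cased.
const PREFLIGHT = {
  'origin': 'http://domain.com:3000',
  'access-control-request-method': 'POST',
  'access-control-request-headers': 'origin, content-type, accept',
};
const UPLOAD = { 'origin': 'http://domain.com:3000' };

console.log(corsHeaders('OPTIONS', PREFLIGHT));
console.log(corsHeaders('POST', UPLOAD));
```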
