沃梦达 / 编程问答 / 前端问题 / 正文

Javascript CORS - 不存在“Access-Control-Allow-Origin"标头

前端问题
2022-01-01

Javascript CORS - No #39;Access-Control-Allow-Origin#39; header is present(Javascript CORS - 不存在“Access-Control-Allow-Origin标头)

本文介绍了Javascript CORS - 不存在“Access-Control-Allow-Origin"标头的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我一直在使用 CORS,遇到了以下问题.客户端抱怨没有 'Access-Control-Allow-Origin' 标头存在,而 它们存在,并且 客户端发出实际的 POST 请求 并且 收到 200.

I've been working with CORS and encountered the following issue. Client complains about no 'Access-Control-Allow-Origin' header is present, while they are present, and client make the actual POST request and receives 200. 

function initializeXMLHttpRequest(url) {  //the code that initialize the xhr
    var xhr = new XMLHttpRequest();
    xhr.open('POST', url, true);
    xhr.withCredentials = true;
    xhr.setRequestHeader('Content-Type', 'application/json; charset=UTF-8');

    //set headers
    for (var key in headers) {
        if (headers.hasOwnProperty(key)) {  //filter out inherited properties
            xhr.setRequestHeader(key,headers[key]);
        }
    }

        return xhr;
}

在 Chrome 中

chrome 控制台日志

chrome console log

Chrome 选项请求

Chrome OPTIONS request

Chrome POST 请求

Chrome POST request

在火狐中

Firefox 控制台日志

Firefox Console Log

Firefox 选项请求

Firefox OPTIONS request

Firefox POST 请求

Firefox POST request

推荐答案

简而言之:访问控制标头(例如 Access-Control-Allow-Origin)需要同时出现以响应 OPTIONS 和实际的POST.

In short: Access control headers (e.g. Access-Control-Allow-Origin) need to present in response for both OPTIONS and actual POST.

工作流程:

  1. Client 使用这些 HTTP 访问标头发出 OPTIONS 请求.(例如Origin、Access-Control-Request-Method、Access-Control-Request-Headers)

  1. Client make OPTIONS request with those HTTP access headers. (e.g. Origin, Access-Control-Request-Method, Access-Control-Request-Headers)

服务器响应这些访问控制标头,允许访问.(例如 Access-Control-Allow-Origin、Access-Control-Expose-Headers、Access-Control-Max-Age、Access-Control-Allow-Credentials、Access-Control-Allow-Methods、Access-Control-Allow-标题)

Server respond with those access control headers, allowing access. (e.g. Access-Control-Allow-Origin, Access-Control-Expose-Headers, Access-Control-Max-Age, Access-Control-Allow-Credentials, Access-Control-Allow-Methods, Access-Control-Allow-Headers)

客户端使用数据发出 POST 请求.

Client makes POST request with data.

服务器响应 POST.如果服务器响应中不存在 Access-Control-Allow-Origin 标头.虽然 POST 成功并在 network 选项卡中显示 200 状态码,但 xhr.status 为 0 并且会触发 xhr.onerror.浏览器会显示错误消息.

Server respond to POST. If Access-Control-Allow-Origin header is NOT present in the server response. Although the POST is successful and shows 200 status code in network tab, xhr.status is 0 and xhr.onerror will be triggered. And browser would show up the error message.

标题参考:https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

这篇关于Javascript CORS - 不存在“Access-Control-Allow-Origin"标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!

本文标题为:Javascript CORS - 不存在“Access-Control-Allow-Origin"标头

上一篇: img 标签的 HTML 跨域属性
下一篇: 禁止预检 403 响应
猜你喜欢
最新文章
热门文章
网站首页 HTML/CSS 菜单 Layui Yii2