【发布时间】:2017-05-31 11:43:25
【问题描述】:
我的 FE 应用程序正在使用来自不同域的 API。我知道它应该触发 CORS,但据我了解,它不应该为每个请求创建预检。
根据docs,我不应该有GET 方法的预检请求。
Cross-site requests are preflighted like this since they may have implications to
user data. In particular, a request is preflighted if:
- It uses methods other than GET, HEAD or POST.
Also, if POST is used to send request data with a Content-Type
other than application/x-www-form-urlencoded, multipart/form-data,
or text/plain, e.g. if the POST request sends an XML payload to the
server using application/xml or text/xml, then the request is preflighted.
- It sets custom headers in the request
(e.g. the request uses a header such as X-PINGOTHER)
但是,我发送的每个请求都有预检 (OPTIONS) 请求,无论是 GET 还是 POST,我觉得这很奇怪(根据文档所说)。
我设置了一些标题(我用withCredentials: true 发送它),但我不认为这应该是问题:
headers.append('Access-Control-Allow-Origin', FRONTEND_URL);
headers.append('Accept', 'application/json');
headers.append('Content-Type', 'application/json');
headers.append('Authorization', this._generateApiKey());
headers.append('Language', this._languageISOCode);
我错过了什么吗?
【问题讨论】:
-
WithCredentials 是您的自定义标头,这意味着它会针对 GET/POST 请求进行预检
标签: javascript angular cors preflight