問題描述
我一直在嘗試向服務器發送一個簡單的 iron-ajax 帖子,但它在預檢調用中一直失敗.對于我的生活,我無法弄清楚發生了什么,服務器上的所有 CORS 標頭似乎都是正確的.
I've been trying to make a simple iron-ajax post to the server, but it keeps failing at the preflight call. For the life of me I can't figure out what's going on, all the CORS headers seem to be correct on the server.
響應頭
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:GET, POST, PUT, OPTIONS
Access-Control-Allow-Origin:*
cache-control:must-revalidate, private, no-cache, no-store, max-age=0
Connection:Keep-Alive
Content-Encoding:gzip
Content-Length:138
Content-Type:text/html
請求標頭
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
請求確實是從 localhost 發出的,但我原以為 * 應該處理這個問題.
The request is indeed made from localhost, but I would have thought that the * should take care of that.
控制臺中顯示的錯誤是:OPTIONS https://... 403(禁止) 和
Errors that are showing up in the console are:
OPTIONS https://... 403 (Forbidden) and
XMLHttpRequest cannot load https://.... Response for preflight has invalid HTTP status code 403
感謝任何幫助/建議.
推薦答案
403 響應狀態表示服務器后端未配置為處理 OPTIONS 請求的一般問題,而不僅僅是 CORS 預檢 OPTIONS 請求.
The 403 response status indicates a general problem with the server backend not being configured to handle OPTIONS requests, not just CORS preflight OPTIONS requests.
服務器必須以 2xx 成功狀態(通常為 200 或 204)響應 OPTIONS 請求.
The server must respond to OPTIONS requests with a 2xx success status—typically 200 or 204.
如果服務器不這樣做,那么您將其配置為發送什么 Access-Control-* 標頭沒有任何區別.配置它以正確方式處理 OPTIONS 請求(發送 200 或 204 成功消息)的答案取決于它運行的服務器軟件.
If the server doesn’t do that, it makes no difference what Access-Control-* headers you have it configured to send. And the answer to configuring it to handle OPTIONS requests in the right way — to send a 200 or 204 success message — depends on what server software it’s running.
這篇關于禁止預檢 403 響應的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!