将CORS呼叫设定为GET not OPTIONS
[英]Setting CORS call to GET not OPTIONS
问题描述
I am creating a CORS call as follows: 
我正在创建一个CORS调用,如下所示:
createCORSRequest: function(method, url) {
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
if ("withCredentials" in xhr) {
// Check if the XMLHttpRequest object has a "withCredentials" property.
// "withCredentials" only exists on XMLHTTPRequest2 objects.
console.log("Sending request with credneitials");
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined") {
// Otherwise, check if XDomainRequest.
// XDomainRequest only exists in IE, and is IE's way of making CORS requests.
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
xhr = null;
}
xhr.setRequestHeader('Authorization', 'Bearer bf6dcfd4e975a007dc8184be6bcf580c'); //Authorization details needed
return xhr;
}
The problem is that this is always sent as an OPTIONS call, which the server does not handle at all. 问题在于,它总是作为OPTIONS调用发送,服务器根本不处理。 If I remove 如果我删除
xhr.setRequestHeader('Authorization', 'Bearer bf6dcfd4e975a007dc8184be6bcf580c');
then it becomes a GET request but the server will not process it without the access token. 那么它将变成GET请求,但是如果没有访问令牌,服务器将无法处理该请求。
Is there a way to send the Authorization Header in the GET request ? 有没有一种方法可以在GET请求中发送授权标头?
Or will I have to modify the server to handle OPTIONS requests ? 还是我必须修改服务器以处理OPTIONS请求? Ie preflights and so forth. 即印前检查等等。
Thanks for the help. 谢谢您的帮助。
1 个解决方案
解决方案1
2 已采纳 2015-02-04 15:26:48
If you set an Authorization header then you are making a complex request and you have to handle the OPTIONS preflight before the browser will make the GET request. 如果设置了Authorization标头,那么您将提出一个复杂的请求,并且必须处理OPTIONS预检,然后浏览器才会发出GET请求。
You can't set the header without handling the OPTIONS request. 您必须先处理OPTIONS请求,才能设置标题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.