在Access-Control-Request-Headers下添加$ http标头
[英]$http headers gets added under Access-Control-Request-Headers
问题描述
Whenever I try to add custom Request headers to my $http request the headers does not show up in the Request, instead its comes under Access-Control-Request-Headers like Access-Control-Request-Headers:accept, testHeader See below the output in chrome's network tab: 
每当我尝试向我的$ http请求添加自定义请求标头时,标头不会显示在请求中,而是来自Access-Control-Request-Headers如Access-Control-Request-Headers:accept, testHeader请参阅下面的输出在chrome的网络选项卡中:
Request Headers:
OPTIONS /v/xyx/abc/query?q=SELECT%20duration%20FROM%20TimeTable HTTP/1.1
Host: example.com
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://localhost
User-Agent: XXXXXXXX Chrome XXXXXXX
Access-Control-Request-Headers: accept, testHeader
Accept: */*
Referer: http://localhost/test/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Whereas,I am expecting something like: 然而,我期待的是:
Request Headers:
OPTIONS /v/xyx/abc/query?q=SELECT%20duration%20FROM%20TimeTable HTTP/1.1
Host: example.com
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://localhost
User-Agent: XXXXXXXX Chrome XXXXXXX
Accept: application/json
testHeader: zdhfguwe87fg8378287efijb8
Referer: http://localhost/test/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
How can I prevent this from happening and show the headers under Request header? 如何防止这种情况发生并在Request header下显示标题?
See the config of the $http service in Angularjs that I've followed: 请参阅Angularjs中我所遵循的$ http服务的配置 :
//***TRIED BOTH OF THESE:
//***TRY#1 $http.get(url, {headers:{"Accept": "application/json", "testHeader": "zdhfguwe87fg8378287efijb8"}}).then(.......
//***TRY#2
$http({
method: 'GET',
url: url,
headers: {
"Accept": "application/json",
"testHeader": "zdhfguwe87fg8378287efijb8"
}
})
.then(
function(){
//success
console.log(arguments);
}, function(){
//fail
console.log(arguments);
});
2 个解决方案
解决方案1
6 2016-05-18 01:56:16
This is expected behavior as part of the CORS-preflight, which is an OPTIONS request. 这是预期的行为,作为CORS预检的一部分,这是一个OPTIONS请求。 Once this request succeeds, the actual GET request will be fired by the browser with the custom headers, because the server accepted them. 一旦此请求成功,浏览器将使用自定义标头触发实际的GET请求,因为服务器已接受它们。
Only a limited set of headers is approved by default for CORS requests, therefore to add others (including your custom header), the CORS-preflight request needs to ask the server for permission with the Access-Control-Request-Headers HTTP header. 对于CORS请求,默认情况下仅批准一组有限的标头,因此要添加其他标头(包括您的自定义标头),CORS预检请求需要向服务器Access-Control-Request-Headers HTTP标头的权限。
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests 请参阅: https : //developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests
解决方案2
5 2017-10-24 15:06:16
It has bloody taken my 3 hours to search for the fxxking answer. 我花了3个小时来搜索fxxking的答案。 Basically it is simple, just let stupid server accept the custom header. 基本上它很简单,只需让愚蠢的服务器接受自定义标头。
What I have done were adding these to .htaccess 我所做的是将这些添加到.htaccess
<IfModule mod_headers.c>
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type, x-custom-header-here"
</IfModule>
Now it allows server(API) to accept ajax request from everywhere with most methods and whatever your custom header is or headers are. 现在它允许服务器(API)接受来自任何地方的ajax请求,使用大多数方法以及任何自定义标头或标头。
it will erase error msg of 'Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.' 它将清除错误消息“预检响应中的Access-Control-Allow-Headers不允许请求头字段内容类型。”
fxxking all these stupid rule makers! fxxking所有这些愚蠢的规则制定者!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.