如何在标头中使用Access-Control-Allow-Methods
[英]How to use Access-Control-Allow-Methods in header
问题描述
When I set header('Access-Control-Allow-Methods: GET'); 
当我设置header('Access-Control-Allow-Methods: GET'); in my PHP header, I expect that I can't Post something to that file. 在我的PHP标头中,我希望无法将某些内容发布到该文件中。 But it isn`t like this. 但这不是这样。 My firefox-browser shows the header in the console but do not act in any case. 我的firefox浏览器在控制台中显示了标题,但无论如何都不起作用。 I expected an behavior like on Access-Control-Allow-Origin where the access will be denied. 我预期会出现Access-Control-Allow-Origin之类的行为,在该行为中访问将被拒绝。
var requestConfig = {
url: "http://xyz.de/test7.php?",
method: "POST",
data: data
};
$.ajax(requestConfig)
This will be executed without any error. 这将被执行而没有任何错误。
Is Access-Control-Allow-Methods not supported or do I something wrong? 是否不支持Access-Control-Allow-Methods,或者我出了什么问题?
1 个解决方案
解决方案1
0 2016-03-01 14:45:47
What I understand from what I've read on MDN is that, this header is for preflighted request. 从我在MDN上阅读的内容了解到的是,此标头用于预检请求。 The browser will make an OPTION request to check what are the actual Methods accepted by the server and then do the request if it is an accepted method. 浏览器将发出一个OPTION请求,以检查服务器接受的实际方法是什么,如果请求被接受,则执行该请求。
So you should send this header on the preflight OPTION request, not the actual GET request. 因此,您应该在预检OPTION请求上发送此标头, 而不是实际的GET请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.