堆栈内存溢出
  简体   繁体   English

预检响应中的 Access-Control-Allow-Headers 不允许请求标头字段

[英]Request header field is not allowed by Access-Control-Allow-Headers in preflight response

 原文  2016-09-22 07:36:17       java/ spring-mvc/ angular/ xmlhttprequest

问题描述

I am using angularjs2 in frontend & Java Spring as backend rest api & getting the error.我在前端和Java Spring中使用angularjs2作为后端rest api并得到错误。

XMLHttpRequest cannot load 'Some url'. Request header field appkey is not allowed by Access-Control-Allow-Headers in preflight response.

this is my angular code.这是我的角度代码。

private logInUrl = 'Some url'; // URL to JSON file


   authenticateUserCredentials(logIn: LogIn): Observable<ResponseClass> {

    let body = JSON.stringify(logIn);
    let headers = new Headers();
    headers.append('Content-type', 'application/json');
    headers.append('appKey', 'superadmin');

    let options = new RequestOptions({ headers: headers });

    return this.http.post(this.logInUrl, body, options)
                    .map(this.extractData)
                    .catch(this.handleError);
  }

and server side code in which we have used filter.和我们使用过滤器的服务器端代码。

public final class CorsFilter extends OncePerRequestFilter{
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
            // CORS "pre-flight" request
            response.addHeader("Access-Control-Allow-Origin", "*");
            response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
           // response.addHeader("Access-Control-Allow-Headers", "Content-type,X-Requested-With,Origin,accept");
            response.addHeader("x-access_token","Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
            response.addHeader("Access-Control-Max-Age", "1800");//30 min

        filterChain.doFilter(request, response);
    }
}

In PostMan app the rest api is working fine with both the headers appKey & Content-typePostMan应用程序中,其余 api 与标题appKey 和 Content-type都可以正常工作

Is this the correct way to implement appKey header or please suggest any other way to send the custom header or custom data in predefine headers.这是实现 appKey 标头的正确方法,还是请建议任何其他方式在预定义标头中发送自定义标头或自定义数据。

1 个解决方案

解决方案1
 0  2016-09-22 08:15:45

Angular2 is lower-casing the headers! Angular2 是小写标题!

So Content-Type will be content-type , check that your backend will allow it!所以Content-Type将是content-type ,请检查您的后端是否允许! :) :)

See also this question: Cross orgin error in google chrome for the api call另请参阅此问题: google chrome 中用于 api 调用的交叉组织错误

There I explain how to test your Angular2-post-method to verify that the angular-part is working fine.在那里,我解释了如何测试您的 Angular2-post-method 以验证 angular-part 是否正常工作。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 预检响应中的 Access-Control-Allow-Headers 不允许请求 header 字段 x-xsrf-token - Request header field x-xsrf-token is not allowed by Access-Control-Allow-Headers in preflight response 预检响应中的 Access-Control-Allow-Headers 不允许请求 header 字段 ack 即使服务器已经允许它 - Request header field ack is not allowed by Access-Control-Allow-Headers in preflight response even the server already allowing it 在飞行前响应中,Access-Control-Allow-Headers不允许在Request标头字段中使用cors enable Access-Control-Allow-Origin - cors enable in Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response Angular Spring Boot:重定向错误:在飞行前响应中Access-Control-Allow-Headers不允许请求标头字段Content-Type - Angular Spring Boot: Redirection error: Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response CORS 策略:无法解析预检响应中的 Access-Control-Allow-Headers 响应头字段 - CORS policy: Cannot parse Access-Control-Allow-Headers response header field in preflight response 对预检请求的响应未通过访问控制检查:不存在“Access-Control-Allow-Origin”标头 - Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present 对预检请求的响应未通过访问控制检查:不存在“Access-Control-Allow-Origin”标头。 服务器错误 - Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present . Server error CORS:对预检请求的响应未通过访问控制检查:预检请求不允许重定向 - CORS : Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request 如何处理“对预检请求的响应未通过没有访问控制允许来源 header 存在于请求的资源上”来自 angular - How to handle “Response to preflight request doesn't pass No Access-control-Allow-Origin header is present on requested resource ” from angular in BE 在预检响应中,Access-Control-Allow-Methods不允许使用方法DELETE - Always got Method DELETE is not allowed by Access-Control-Allow-Methods in preflight response
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM