[英]Request header field is not allowed by Access-Control-Allow-Headers in preflight response
I am using angularjs2 in frontend & Java Spring as backend rest api & getting the error.我在前端和Java Spring中使用angularjs2作为后端rest api并得到错误。
XMLHttpRequest cannot load 'Some url'. Request header field appkey is not allowed by Access-Control-Allow-Headers in preflight response.
this is my angular code.这是我的角度代码。
private logInUrl = 'Some url'; // URL to JSON file
authenticateUserCredentials(logIn: LogIn): Observable<ResponseClass> {
let body = JSON.stringify(logIn);
let headers = new Headers();
headers.append('Content-type', 'application/json');
headers.append('appKey', 'superadmin');
let options = new RequestOptions({ headers: headers });
return this.http.post(this.logInUrl, body, options)
.map(this.extractData)
.catch(this.handleError);
}
and server side code in which we have used filter.和我们使用过滤器的服务器端代码。
public final class CorsFilter extends OncePerRequestFilter{
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
// CORS "pre-flight" request
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
// response.addHeader("Access-Control-Allow-Headers", "Content-type,X-Requested-With,Origin,accept");
response.addHeader("x-access_token","Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
response.addHeader("Access-Control-Max-Age", "1800");//30 min
filterChain.doFilter(request, response);
}
}
In PostMan app the rest api is working fine with both the headers appKey & Content-type在PostMan应用程序中,其余 api 与标题appKey 和 Content-type都可以正常工作
Is this the correct way to implement appKey header or please suggest any other way to send the custom header or custom data in predefine headers.这是实现 appKey 标头的正确方法,还是请建议任何其他方式在预定义标头中发送自定义标头或自定义数据。
Angular2 is lower-casing the headers! Angular2 是小写标题!
So Content-Type
will be content-type
, check that your backend will allow it!所以Content-Type
将是content-type
,请检查您的后端是否允许! :) :)
See also this question: Cross orgin error in google chrome for the api call另请参阅此问题: google chrome 中用于 api 调用的交叉组织错误
There I explain how to test your Angular2-post-method to verify that the angular-part is working fine.在那里,我解释了如何测试您的 Angular2-post-method 以验证 angular-part 是否正常工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.