飞行前响应中的Access-Control-Allow-Headers不允许请求标头字段时区
[英]Request header field Time-Zone is not allowed by Access-Control-Allow-Headers in preflight response
问题描述
I have a WEB API which I am consuming from POSTMAN, and it works perfectly fine: 
我有一个从POSTMAN使用的WEB API,它工作得很好:
Headers: 标头:
Content-Type:application/json X-Developer-Id:asdasdas X-Api-Key:asdasdas Authorization:Bearer sasdasdsa Time-Zone:Morocco Standard Time 内容类型:application / json X-Developer-Id:asdasdas X-Api-Key:asdasdas授权:Bearer sasdasdsa时区:摩洛哥标准时间
When I do a GET request in POSTMAN it works fine, however from angular 2 (Ionic 2) I get the following error: 当我在POSTMAN中执行GET请求时,它工作正常,但是从角度2(离子2)出现以下错误:
Request header field Time-Zone is not allowed by Access-Control-Allow-Headers in preflight response.
let params: URLSearchParams = new URLSearchParams();
params.set('date', date);
//Header
let headers = new Headers({
'Content-Type': AppSettings.ContentType,
'X-Developer-Id': AppSettings.XDeveloperId,
'X-Api-Key': AppSettings.XApiKey,
'Time-Zone': AppSettings.time_zone,
'Authorization': AppSettings.Authorization + localStorage.getItem("AccessToken")
});
var RequestOptions: RequestOptionsArgs = {
url: AppSettings.UrlAvailability + userId,
method: 'GET',
search: params,
headers: headers,
body: null
};
return this.http.get((AppSettings.UrlAvailability + userId), RequestOptions)
.map(res => res.json())
.do(data => { data },
err => console.log('error: ' + err));
First I would think that the API developers have to do something on the server side, like enabling that Time-Zone Header on CORS, however if that would be the case then we would get the same error on POSTMAN, but it works fine there. 首先,我认为API开发人员必须在服务器端执行某些操作,例如在CORS上启用时区标头,但是如果是这种情况,那么我们将在POSTMAN上收到相同的错误,但在那儿可以正常工作。
What am I missing here? 我在这里想念什么?
1 个解决方案
解决方案1
1 2017-04-28 15:06:48
This is something you need to configure on the server. 这是您需要在服务器上配置的内容。 You first need to make sure you have CORS support. 您首先需要确保您具有CORS支持。 I don't use ASP.NET, so I don't know how to do it. 我不使用ASP.NET,所以我不知道该怎么做。 I'm pretty sure a quick google search will find you the answer. 我敢肯定,快速的Google搜索将为您找到答案。 Then you need to make sure in that server CORS config, that special headers you want the client to be able to send are added to the CORS allowed headers. 然后,您需要确保在该服务器的CORS配置中,将希望客户端能够发送的特殊标头添加到CORS允许的标头中。 That's what the error is saying: that the headers are not included in the response header Access-Control-Allow-Headers . 那就是错误的意思:响应响应头中没有包含响应头Access-Control-Allow-Headers 。 The response header would look like 响应头看起来像
Access-Control-Allow-Headers: X-Developer-Id, X-Api-Key, Time-Zone, Authorization
To learn more about CORS, see the MDN 要了解有关CORS的更多信息,请参见MDN
First I would think that the API developers have to do something on the server side, like enabling that Time-Zone Header on CORS, however if that would be the case then we would get the same error on POSTMAN, but it works fine there
No, Postman does not have the same restrictions. 不,邮递员没有相同的限制。 It is a native desktop app. 这是一个本地桌面应用程序。 Fun fact: 99% of people who post questions on SO that hava a CORS problem, have somewhere in their post "...but it work with Postman!". 有趣的事实:99%的人在SO上发了一个CORS问题,在他们的帖子中写着“ ...但它与Postman一起工作!”。 So don't feel bad :-) 所以不要难过:-)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.