客户端javascript:不允许使用CORS时,如何获取HTTP请求的响应标头?
[英]Client-side javascript: how can I get the response header of a HTTP request when CORS is not allowed?
问题描述
In the browser, I'm doing an HTTP request. 
在浏览器中,我正在执行HTTP请求。 The resource at reqUrl doesn't enable CORS, so there's no response body. reqUrl处的资源未启用CORS,因此没有响应主体。 But how can I get the response header? 但是,如何获取响应头? (I can see it in the DevTools' network tab.) (我可以在DevTools的网络标签中看到它。)
var p = fetch(reqUrl, {
method: "POST",
headers: reqHeader,
body: reqBody
});
p.then(function () {
})
.catch(function (err) {
// CORS is disabled so I'm arriving here
// "TypeError: NetworkError when attempting to fetch resource."
});
1 个解决方案
解决方案1
2 已采纳 2017-06-09 13:47:01
You can't, unless it supports CORS and has the header name white-listed. 除非它支持CORS并且标头名称已列入白名单,否则您将无法这样做。 This is a security matter since getting forbidden header content is as risky as forbidden response content. 这是安全问题,因为获取禁止的标头内容与禁止的响应内容一样危险。 The dev tools feature is not restricted by the SOP, so it doesn't need such "perms" to show the user debug information. 开发工具功能不受SOP的限制,因此不需要此类“权限”即可显示用户调试信息。 You cannot reach any devtool info by scripts, so it's safe just to show to the user. 您无法通过脚本访问任何devtool信息,因此仅向用户显示是安全的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.