我是否使用cURL正确模拟了CORS,是否需要实现OPTIONS请求
[英]am I simulating CORS with cURL correctly and do I need to implement OPTIONS request
问题描述
I'm not very good with web server development as well as understanding how exactly http headers work. 
我对Web服务器开发以及对HTTP标头的工作方式了解不佳。 I've done quite a bit of reading but still a little confused. 我已经读了很多书,但还是有些困惑。 At the moment I'm trying to simulate CORS request with cURL. 目前,我正在尝试使用cURL模拟CORS请求。 (Need it for personal development). (需要用于个人发展)。 To do so I found a simple REST server written in C (C is the language I'm most familiar with). 为此,我找到了一个用C编写的简单REST服务器 (C是我最熟悉的语言)。 Code is actually located here . 代码实际上位于此处 。 I found this post which explains how to simulate CORS. 我发现这篇文章解释了如何模拟CORS。
Here is the problem: 这是问题所在:
If I run 如果我跑步
curl -H "Origin: http://localhost:3000" \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: X-Requested-With" \
-X OPTIONS --verbose \
http://localhost:8537/test
The request fails with the following response 请求失败,并显示以下响应
* Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8537 failed: Connection refused
* Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8537 failed: Connection refused
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8537 (#0)
> OPTIONS /test HTTP/1.1
> Host: localhost:8537
> User-Agent: curl/7.61.1
> Accept: */*
> Origin: http://localhost:3000
> Access-Control-Request-Method: POST
> Access-Control-Request-Headers: X-Request-With
>
< HTTP/1.1 404 Not Found
< Connection: Keep-Alive
< Content-Length: 32
< Access-Control-Allow-Origin: *
< Date: Sat, 12 Jan 2019 02:21:59 GMT
<
* Connection #0 to host localhost left intact
Page not found, do what you want
However if I run the same request with -X POST instead of -X OPTIONS , ie 但是,如果我使用-X POST而不是-X OPTIONS运行相同的请求,即
curl -H "Origin: http://localhost:3000" \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: X-Requested-With" \
-X POST --verbose \
http://localhost:8537/test
The request succeeds with the following response: 该请求成功,并显示以下响应:
* Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8537 failed: Connection refused
* Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8537 failed: Connection refused
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8537 (#0)
> POST /test HTTP/1.1
> Host: localhost:8537
> User-Agent: curl/7.61.1
> Accept: */*
> Origin: http://localhost:3000
> Access-Control-Request-Method: POST
> Access-Control-Request-Headers: X-Request-With
>
< HTTP/1.1 200 OK
< Connection: Keep-Alive
< Content-Length: 19
< Access-Control-Allow-Origin: *
< Date: Sat, 12 Jan 2019 02:25:28 GMT
<
Hello World!
* Connection #0 to host localhost left intact
(null)
I get the same results if execute 如果执行,我得到相同的结果
curl -H "Origin: http://localhost:3000" -X OPTIONS --verbose http://localhost:8537/test
and 和
curl -H "Origin: http://localhost:3000" -X POST --verbose http://localhost:8537/test
ie the request fails with OPTIONS request and succeeds with POST request. 即,该请求因OPTIONS请求而失败,而随着POST请求而成功。
The code does allow for CORS (at least that what I think). 该代码确实允许CORS(至少我认为的那样)。 Here is the line of code that does it 这是执行此操作的代码行
u_map_put(instance.default_headers, "Access-Control-Allow-Origin", "*");
So here are the questions: 所以这是问题:
- To simulate CORS, do I need to use OPTIONS request or a POST request? 为了模拟CORS,我需要使用OPTIONS请求还是POST请求?
- If I were to write a server similar to the one in the example, do I need to implement OPTIONS response or I can get away with POST/GET? 如果要编写与示例中的服务器类似的服务器,是否需要实现OPTIONS响应,还是可以摆脱POST / GET?
1 个解决方案
解决方案1
1 2019-01-20 15:31:59
In CORS, OPTIONS is being used for preflight requests . 在CORS中, OPTIONS用于预检请求 。 You're not necessarily need to handle OPTIONS requests, if you're issuing only "simple" CORS requests. 如果仅发出“简单” CORS请求,则不一定需要处理OPTIONS请求。
You can read the definition of Simple CORS Request here . 您可以在此处阅读Simple CORS Request的定义。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.