[英]I receive a 404 HTTP error with an API using javascript but not in my terminal
I am using the Pons dictionary API documented here: https://en.pons.com/assets/docs/api_dict.pdf It works when I use a get request in my mac terminal, but not when using XMLHttpRequest in my javascript file (shown below) when testing it in my browser. 我正在使用此处记录的Pons词典API: https : //en.pons.com/assets/docs/api_dict.pdf当我在Mac终端中使用get请求时,它起作用了,但是在我的javascript文件中使用XMLHttpRequest时,它却不起作用(在我的浏览器中对其进行测试时,如下所示。 It always gives me a 404 error and then states "Access to XMLHttpRequest at ' https://api.pons.com/v1/dictionary?q=casa&l=dees ' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status."
它总是给我一个404错误,然后指出“ CORS策略阻止了对来自源'null'的XMLHttpRequest的访问' https://api.pons.com/v1/dictionary?q=casa&l=dees '预检请求未通过访问控制检查:它没有HTTP正常状态。”
Any ideas? 有任何想法吗?
I have tried making a request that does not require my X-Secret (credentials) and it works, but as soon as I set the X-Secret header it throws a 404 error. 我尝试过发出不需要我的X-Secret(凭证)的请求并且它可以工作,但是一旦我设置了X-Secret头,它就会引发404错误。 I need to set this heading for most request types.
我需要为大多数请求类型设置此标题。 Here is my code.
这是我的代码。 I have censored my credentials in the X-Secret header.
我已经在X-Secret标头中检查了我的凭据。
var request = new XMLHttpRequest()
let url = new URL('https://api.pons.com/v1/dictionary');
url.searchParams.set('q', 'casa');
url.searchParams.set('l', 'dees');
request.open('GET', url);
//request.withCredentials = true;
request.setRequestHeader("X-Secret", "***");
request.setRequestHeader("Access-Control-Allow-Origin", "*");
request.setRequestHeader("Access-Control-Allow-Credentials", "true");
request.setRequestHeader("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT");
request.setRequestHeader("Access-Control-Allow-Headers", "Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization");
request.send()
request.onload = function() {
// Begin accessing JSON data here
var data = JSON.parse(this.response)
if (request.status >= 200 && request.status < 400) {
console.log(data)
} else {
console.log('error')
}
}
CORS is "cross-origin resource sharing"; CORS是“跨域资源共享”; specifically, it's used to refer to policies that block requests between different domains.
特别是,它用于指代阻止不同域之间的请求的策略。 In this case, XHR is sending a "preflight request" -- that is, a request with verb OPTIONS (rather than GET, POST, etc.) -- to make sure the server will accept a real request.
在这种情况下,XHR将发送“预检请求”,即带有动词OPTIONS的请求(而不是GET,POST等),以确保服务器将接受实际请求。 It will do this whenever you use non-standard (and some standard but optional) headers.
每当您使用非标准(和一些标准但可选)标头时,它将执行此操作。 The preflight request is coming back as 404;
预检请求返回为404; the server doesn't support OPTIONS to that endpoint.
服务器不支持该端点的OPTIONS。
The way to get around CORS is to use a proxy. 解决CORS的方法是使用代理。 That is, have a backend script (in Node, PHP, whatever) on your domain that sends the request to the other API server and echoes its response.
也就是说,在您的域上有一个后端脚本(在Node,PHP中,无论如何),该脚本会将请求发送到另一个API服务器并回显其响应。 CORS only applies to AJAX requests, not backend ones, so this will get around the issue, and it is the accepted technique.
CORS仅适用于AJAX请求,不适用于后端请求,因此可以解决问题,这是公认的技术。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.