如果请求是同源但不遵循 header 指南,是否会触发预检请求?
[英]Will a preflight request be triggered if the request is same-origin but does not follow the header guidelines?
问题描述
From: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests
来自: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests
The following is an example of a request that will be preflighted:
const xhr = new XMLHttpRequest(); xhr.open('POST', 'https://bar.other/resources/post-here/'); xhr.setRequestHeader('X-PINGOTHER', 'pingpong'); xhr.setRequestHeader('Content-Type', 'application/xml'); xhr.onreadystatechange = handler; xhr.send('<person><name>Arun</name></person>');The example above creates an XML body to send with the
POSTrequest.POST请求一起发送。 Also, a non-standard HTTPX-PINGOTHERrequest header is set.X-PINGOTHER请求 header。 Such headers are not part of HTTP/1.1, but are generally useful to web applications.Content-Typeofapplication/xml, and since a custom header is set, this request is preflighted.application/xml的Content-Type,并且设置了自定义 header,因此该请求是预检的。
Will a preflight request be triggered if the request is same-origin but does not follow the header guidelines?如果请求是同源但不遵循 header 指南,是否会触发预检请求?
1 个解决方案
解决方案1
0 已采纳 2021-01-14 08:41:45
No, preflight requests are only done for cross-site requests.不,预检请求仅针对跨站点请求。 If you look at the beginning of the MDN article there is an image that explicitly says "Same origin-requets (always allowed)" as an example.如果您查看 MDN 文章的开头,有一张图片明确表示“同源请求(始终允许)”作为示例。
The below image isn't very visible if running SO in dark mode, if so, check the image in the article on the url below.如果在黑暗模式下运行 SO,下图不是很明显,如果是这样,请查看下面 url 上的文章中的图像。
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.