使用 XHR 请求 API 时出现 CORS 错误
[英]I get a CORS-Error while doing a request for a API using XHR
问题描述
We're making a request for an API from one of our online-distributors.
我们正在向我们的在线分销商之一提出 API 请求。 However, we get a CORS-Error.但是,我们收到了 CORS 错误。
Access to XMLHttpRequest at 'https://api.cloud.im/marketplace/eu/products' from origin 'http://www.im-cmp.ch' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.来自“http://www.im-cmp.ch”的“https://api.cloud.im/marketplace/eu/products”上的 XMLHttpRequest 访问已被 CORS 政策阻止:对预检请求的响应不会通过访问控制检查:请求的资源上不存在“Access-Control-Allow-Origin”标头。
We did the request in Postman and it worked.我们在 Postman 中完成了请求,并且成功了。 I tried to set the requestHeaders the exact same way they are set in Postman (including the hidden headers), however, there is an Error since the hidden headers can't be set.我尝试以与 Postman 中设置的方式完全相同的方式设置 requestHeaders(包括隐藏标头),但是,由于无法设置隐藏标头,因此出现错误。
Refused to set unsafe header "Host"拒绝设置不安全的标头“Host”
Is this a client or a server problem?这是客户端问题还是服务器问题? Am I maybe missing a requestHeader?我可能缺少 requestHeader 吗?
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function() {
if(this.readyState === 4) {
console.log(this.responseText);
}
});
xhr.open("GET", "https://api.cloud.im/marketplace/eu/products");
xhr.setRequestHeader("X-Subscription-Key", "OUR PERSONAL SUBSCRIPTION KEY");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Authorization", "OUR BEARER TOKEN");
// xhr.setRequestHeader("Host", "http://www.im-cmp.ch/");
xhr.setRequestHeader("accept", "*/*");
// xhr.setRequestHeader("Accept-Encoding", "gzip, deflate, br");
// xhr.setRequestHeader("Connection", "keep-alive");
xhr.send();
1 个解决方案
解决方案1
1 2021-10-28 09:17:23
This is definitely a server problem.这绝对是服务器问题。
The server has to send the Access-Control-Allow-Origin -header: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS .服务器必须发送Access-Control-Allow-Origin -header: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS 。
Also, the error states that this happened during a preflight -request, meaning there was a OPTIONS request made beforehand, which would also need the response-header(s) needed for CORS.此外,错误指出这是在preflight请求期间发生的,这意味着事先提出了一个OPTIONS请求,这也需要 CORS 所需的响应头。
The request works in Postman, since CORS is a feature only really relevant in browsers, to protect users.该请求在 Postman 中有效,因为 CORS 是一项仅在浏览器中真正相关的功能,以保护用户。
Edit:编辑:
Also it is important that the server allows the request-headers you are sending using the Access-Control-Allow-Headers -header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers同样重要的是,服务器允许您使用Access-Control-Allow-Headers -header 发送请求标Access-Control-Allow-Headers : https : //developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access -Control-Allow-Headers
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.