响应预检请求的 Cors 问题
[英]Cors issue with response to preflight request
问题描述
I'm doing an axios call to get the blog articles, however I'm facing a CORS issue.
我正在拨打 axios 电话以获取博客文章,但是我遇到了 CORS 问题。 I tried everything and I don't understand the problem.我尝试了一切,但我不明白这个问题。 Here's my code:这是我的代码:
axios({
method: "POST",
url: process.env.REACT_APP_API_URL + '/pages/articles',
headers: { 'Content-Type': 'application/json;charset=UTF-8', "Access-Control-Allow-Origin": "*", "Accept": "application/json" },
data: {
country: localStorage.getItem("locale")
}
}).then(result => {
setPosts(result.data.json.articles);
});
In my /config/bootstrap.php在我的 /config/bootstrap.php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization');
header("Access-Control-Allow-Credentials: true");
header('Content-Type: application/json');
$method = $_SERVER['REQUEST_METHOD'];
if ($method == "OPTIONS") {
header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method,Access-Control-Request-Headers, Authorization");
header("HTTP/1.1 200 OK");
die();
}
The problem in the console is:控制台中的问题是:
Access to XMLHttpRequest at 'https://api.mysite.fr/pages/articles' from
origin 'https://mysite.fr' has been blocked by CORS policy: Response to
preflight request doesn't pass access control check: It does not have
HTTP ok status.
1 个解决方案
解决方案1
2 已采纳 2022-06-28 06:22:02
Please apply CORS validation on the server it needs to be server-side not front-end for the example: The request in JavaScript This shows you how to make a request in JavaScript that is allowed by this policy.请在服务器上应用 CORS 验证,它需要是服务器端而不是前端,例如:JavaScript 中的请求 这将向您展示如何在 JavaScript 中发出此策略允许的请求。
var http_request;
http_request = new XMLHTTPRequest();
http_request.onreadystatechange = function () { /* .. */ };
http_request.open("POST", "process.env.REACT_APP_API_URL + '/pages/articles'");
http_request.withCredentials = true;
http_request.setRequestHeader("Content-Type", "application/json");
http_request.send({ 'request': "authentication token" });
We're sending a POST request that contains JSON and we'll include our cookies.我们正在发送一个包含 JSON 的 POST 请求,并且我们将包含我们的 cookie。 It produces a request with these headers:它产生一个带有这些标头的请求:
Origin: https://mysite.fr
Access-Control-Request-Method: POST
Access-Control-Request-Headers: Content-Type
For PHP Project对于 PHP 项目
// Allow from any origin
if (isset($_SERVER['HTTP_ORIGIN'])) {
// Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
// you want to allow, and if so:
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day
}
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
// may also be using PUT, PATCH, HEAD etc
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
exit(0);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.