Cross-Origin Request Blocked:同源策略不允许读取远程资源。 CORS 预检响应未成功
[英]Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource. CORS preflight response did not succeed
问题描述
I'm using the openweathermap API to get a JSON object using the fetch API on my browser which is running on localhost.
我正在使用openweathermap API 来获取 JSON object 使用获取 ZDB974238714CA8DE634A 上运行在 myCE 上的 localhost 的 localhost。 I can get it to work by avoiding a CORS preflight by using a simple request (ie a GET request using content-type:text/plain).我可以通过使用简单的请求(即使用 content-type:text/plain 的 GET 请求)避免 CORS 预检来使其工作。 If I want anything else (eg application/json) then it does a preflight and this is where it fails.如果我想要其他任何东西(例如应用程序/json),那么它会进行预检,这就是它失败的地方。
The response I get is "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource" because "CORS preflight response did not succeed (response 405)".我得到的响应是“跨域请求被阻止:同源策略不允许读取远程资源”,因为“CORS 预检响应没有成功(响应 405)”。
I've checked the response header from api.openweathermap.org and this is what I get from the preflight request:我已经检查了来自 api.openweathermap.org 的响应 header ,这是我从飞行前请求中得到的:
HTTP/1.1 405 Method Not Allowed
Server: openresty
Date: Wed, 24 Aug 2022 10:47:29 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 40
Connection: keep-alive
X-Cache-Key: /data/2.5/weather?APPID=hidden_key&q=london,uk
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
The response contains Access-Control-Allow-Origin: * and the allowed method (GET) is listed so I'm assuming cross-site requests are accepted.响应包含 Access-Control-Allow-Origin: * 并列出了允许的方法 (GET),因此我假设跨站点请求被接受。 Am I missing something?我错过了什么吗? The obvious workaround is to use JSON.parse() but for my own learning I'd like to understand why this doesn't work.明显的解决方法是使用 JSON.parse() 但为了我自己的学习,我想了解为什么这不起作用。 A snippet of my code is below:我的代码片段如下:
const url='https://api.openweathermap.org/data/2.5/weather?q=London,uk&APPID=hidden_key_obvs';
const response=await fetch(url, {method: 'get', mode: 'cors', headers: {'Content-Type': 'application/json'}
});
Many thanks in advance!提前谢谢了!
1 个解决方案
解决方案1
1 已采纳 2022-08-24 13:53:35
The Content-Type request header tells the server what sort of data you are POSTing or PUTting in the request body. Content-Type请求header 告诉服务器您在请求正文中 POST 或 PUT 的数据类型。
You are making a GET request.您正在发出 GET 请求。
You don't have a request body.您没有请求正文。
You can't have a request body.您不能有请求正文。
Your Content-Type request header is a lie.您的Content-Type请求 header 是谎言。
The server you are trying to access doesn't accept the OPTIONS request because nothing it offers requires a preflighted request.您尝试访问的服务器不接受 OPTIONS 请求,因为它提供的任何内容都不需要预检请求。
You might be confusing Content-Type with Accept , which tells the server what sort of data types you can handle in its response.您可能会将Content-Type与Accept混淆,后者告诉服务器您可以在其响应中处理哪种数据类型。
I suspect the API won't pay attention to that and will always return JSON (with a Content-Type: application/json response header) regardless.我怀疑 API 不会注意这一点,并且无论如何都会返回 JSON (带有Content-Type: application/json响应标头)。
There is no need to use JSON.parse since the response object has a json method that will both extract the data from the response body and parse it from JSON in one go. There is no need to use JSON.parse since the response object has a json method that will both extract the data from the response body and parse it from JSON in one go.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.