[英]Request header field Time-Zone is not allowed by Access-Control-Allow-Headers in preflight response
我有一个从POSTMAN使用的WEB API,它工作得很好:
标头:
内容类型:application / json X-Developer-Id:asdasdas X-Api-Key:asdasdas授权:Bearer sasdasdsa时区:摩洛哥标准时间
当我在POSTMAN中执行GET请求时,它工作正常,但是从角度2(离子2)出现以下错误:
Request header field Time-Zone is not allowed by Access-Control-Allow-Headers in preflight response.
let params: URLSearchParams = new URLSearchParams();
params.set('date', date);
//Header
let headers = new Headers({
'Content-Type': AppSettings.ContentType,
'X-Developer-Id': AppSettings.XDeveloperId,
'X-Api-Key': AppSettings.XApiKey,
'Time-Zone': AppSettings.time_zone,
'Authorization': AppSettings.Authorization + localStorage.getItem("AccessToken")
});
var RequestOptions: RequestOptionsArgs = {
url: AppSettings.UrlAvailability + userId,
method: 'GET',
search: params,
headers: headers,
body: null
};
return this.http.get((AppSettings.UrlAvailability + userId), RequestOptions)
.map(res => res.json())
.do(data => { data },
err => console.log('error: ' + err));
首先,我认为API开发人员必须在服务器端执行某些操作,例如在CORS上启用时区标头,但是如果是这种情况,那么我们将在POSTMAN上收到相同的错误,但在那儿可以正常工作。
我在这里想念什么?
这是您需要在服务器上配置的内容。 您首先需要确保您具有CORS支持。 我不使用ASP.NET,所以我不知道该怎么做。 我敢肯定,快速的Google搜索将为您找到答案。 然后,您需要确保在该服务器的CORS配置中,将希望客户端能够发送的特殊标头添加到CORS允许的标头中。 那就是错误的意思:响应响应头中没有包含响应头Access-Control-Allow-Headers 。 响应头看起来像
Access-Control-Allow-Headers: X-Developer-Id, X-Api-Key, Time-Zone, Authorization
要了解有关CORS的更多信息,请参见MDN
首先,我认为API开发人员必须在服务器端执行某些操作,例如在CORS上启用该时区标头,但是如果是这种情况,那么我们将在POSTMAN上收到相同的错误,但是在这里可以正常工作
不,邮递员没有相同的限制。 这是一个本地桌面应用程序。 有趣的事实:99%的人在SO上发了一个CORS问题,在他们的帖子中写着“ ...但它与Postman一起工作!”。 所以不要难过:-)
请求标头字段Access-Control-Allow-Headers在预检响应中不允许使用Access-Control-Allow-Headers
[英]Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response
飞行前响应中的Access-Control-Allow-Headers不允许请求标头字段Access-Control-Request-Methods
[英]Request header field Access-Control-Request-Methods is not allowed by Access-Control-Allow-Headers in preflight response
预检响应中的 Access-Control-Allow-Headers 不允许 Angularjs 请求标头字段 Access-Control-Allow-Headers
[英]Angularjs Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response
请求标头字段在预检响应中,Access-Control-Allow-Headers不允许使用If-None-Match
[英]Request header field If-None-Match is not allowed by Access-Control-Allow-Headers in preflight response
预检响应中的 Access-Control-Allow-Headers 不允许 XMLHttpRequest 请求标头字段 postman-token
[英]XMLHttpRequest Request header field postman-token is not allowed by Access-Control-Allow-Headers in preflight response
预检响应中的 Access-Control-Allow-Headers 不允许请求标头字段身份验证
[英]Request header field authentication is not allowed by Access-Control-Allow-Headers in preflight response
预检响应中的 Access-Control-Allow-Headers 不允许请求 header 字段授权
[英]Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response
CORS 错误:预检响应中的 Access-Control-Allow-Headers 不允许请求标头字段授权
[英]CORS error :Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response
在预检响应中,Access-Control-Allow-Headers不允许请求头字段X-CSRFToken
[英]Request header field X-CSRFToken is not allowed by Access-Control-Allow-Headers in preflight response
XMLHttpRequest无法加载。 飞行前响应中Access-Control-Allow-Headers不允许使用请求标头字段密码
[英]XMLHttpRequest cannot load. Request header field password is not allowed by Access-Control-Allow-Headers in preflight response
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.