[英]Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response. (nginx)
https://example.com 将ajax pre-request(beforeSend) 发送到https://api.example.com (nginx)
$.ajax({
method: "POST",
url: 'https://api.example.com',
xhrFields: {withCredentials: true},
data: {...},
success: function(msg) {...},
beforeSend: function(request){
var token = 'xxxxxx';
request.setRequestHeader('Authorization', 'Bearer ' + token);
},
complete: function(msg) {},
error: function(xhr, ajaxOptions, thrownError) {}
});
Chrome 控制台返回错误消息
XMLHttpRequest 无法加载https://api.example.com/auth 。 预检响应中的 Access-Control-Allow-Headers 不允许请求头字段授权。
location / {
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "https://example.com";
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Access-Control-Allow-Headers "Authorization";
add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
}
我将此添加到 Nginx 并且它起作用了:
add_header Access-Control-Allow-Headers "Authorization";
对于错误:
请求的资源上不存在“Access-Control-Allow-Origin”标头。 因此,不允许访问 Origin ' https://localhost:3000 '。
我将此添加到 Nginx:
add_header Access-Control-Allow-Origin *;
请求标头字段Access-Control-Allow-Headers在预检响应中不允许使用Access-Control-Allow-Headers
[英]Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response
预检响应中的 Access-Control-Allow-Headers 不允许请求 header 字段授权
[英]Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response
获取 API CORS 错误:预检响应中的 Access-Control-Allow-Headers 不允许请求 header 字段授权
[英]Fetch API CORS error: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response
CORS 错误:预检响应中的 Access-Control-Allow-Headers 不允许请求标头字段授权
[英]CORS error :Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response
被 CORS 阻止:在预检响应中 Access-Control-Allow-Headers 不允许请求 header 字段授权
[英]Being blocked by CORS: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response
飞行前响应中的Access-Control-Allow-Headers不允许请求标头字段Access-Control-Request-Methods
[英]Request header field Access-Control-Request-Methods is not allowed by Access-Control-Allow-Headers in preflight response
预检响应中的 Access-Control-Allow-Headers 不允许 Angularjs 请求标头字段 Access-Control-Allow-Headers
[英]Angularjs Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response
当使用 http 从 JS 获取请求到 SlackAPI 时,Access-Control-Allow-Headers 在飞行前响应中不允许请求 header 字段授权
[英]Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response when using http get req from JS to SlackAPI
请求标头字段在预检响应中,Access-Control-Allow-Headers不允许使用If-None-Match
[英]Request header field If-None-Match is not allowed by Access-Control-Allow-Headers in preflight response
预检响应中的 Access-Control-Allow-Headers 不允许 XMLHttpRequest 请求标头字段 postman-token
[英]XMLHttpRequest Request header field postman-token is not allowed by Access-Control-Allow-Headers in preflight response
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.