![](/img/trans.png)
[英]AngularJS with NodeJS GET request fails - “Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers”
[英]Backbone & Slim PHP - Access-Control-Allow-Headers - Can GET information, can't POST it?
我正在使用Backbone和Slim PHP框架。 我正在嘗試將信息發布到我的API,但是Access-Control-Allow-Headers一直讓我遇到問題......
我的控制台顯示:
OPTIONS http://api.barholla.com/user/auth 405 (Method Not Allowed) zepto.min.js:2
XMLHttpRequest cannot load http://api.barholla.com/user/auth. Request header field Content-Type is not allowed by Access-Control-Allow-Headers.
我的標題是:
Request URL:http://api.barholla.com/user/auth
Request Method:OPTIONS
Status Code:405 Method Not Allowed
Request Headersview source
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:origin, content-type, accept
Access-Control-Request-Method:POST
Connection:keep-alive
Host:api.barholla.com
Origin:http://localhost
Referer:http://localhost/barholla/app/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4
Response Headersview source
Access-Control-Allow-Origin:*
Allow:POST
Connection:close
Content-Type:application/json
Date:Thu, 08 Nov 2012 16:12:32 GMT
Server:Apache
Transfer-Encoding:chunked
X-Powered-By:Slim
X-Powered-By:PleskLin
我的slim index.php文件中的標題是:
$res = $app->response();
$res->header('Access-Control-Allow-Origin', '*');
$res->header("Access-Control-Allow-Methods: PUT, GET, POST, DELETE, OPTIONS");
要處理帖子數據:
$app->post('/user/auth', function () use ($app) {
//code here
});
在我的javascript(我正在使用骨干框架)我的代碼是:
App.userAuth = new App.UserAuthModel({
username: $('#username').val(),
password: hex_md5($('#password').val())
});
App.userAuth.save({}, {
success: function(model, resp) {
console.log(resp);
},
error: function(model, response) {
console.log(response);
}
});
任何幫助都會非常感激,我已經堅持了很久!
我有一個類似的跨域POST
問題(事實上除了GET
之外的所有標題)。 以下解決了它:
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) && (
$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'POST' ||
$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'DELETE' ||
$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'PUT' )) {
header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Credentials: true");
header('Access-Control-Allow-Headers: X-Requested-With');
header('Access-Control-Allow-Headers: Content-Type');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT'); // http://stackoverflow.com/a/7605119/578667
header('Access-Control-Max-Age: 86400');
}
exit;
}
在您的javascript客戶端中,您正在向/ user / auth發出OPTIONS請求,但在您的PHP代碼中,您只接受通過此端點的POST請求。
如果您希望API接受OPTIONS方法,您的代碼中應該包含以下內容:
$app->options('/user/auth', function () use ($app) {
//code here
});
或者,如果要在同一函數中處理多個HTTP方法:
$app->map('/user/auth', function () use ($app) {
if ($app->request()->isOptions()) {
//handle options method
}
else if ($app->request()->isPost()) {
//handle post method
}
})->via('POST', 'OPTIONS');
根據W3C ,請記住OPTIONS方法:
[...]表示請求獲取有關Request-URI標識的請求/響應鏈上可用的通信選項的信息。 該方法允許客戶端確定與資源相關聯的選項和/或要求,或服務器的能力,而不暗示資源動作或啟動資源檢索。
或者,只需更改客戶端的代碼即可發出POST請求而不是OPTIONS請求。 它比通過OPTIONS方法驗證用戶更容易,更有意義。 在zepto.js中它將是這樣的:
$.post('/user/auth', { foo: 'bar' }, function(response){
console.log(response);
});
您的OPTIONS請求應該是200返回空響應。 然后瀏覽器將發送真正的POST請求。
也無需在Access-Control-Allow-Methods
標頭中添加OPTIONS。
看來您使用身份驗證,為什么不添加Access-Control-Allow-Credentials標頭。
有關更多信息,請查看此代碼,這可能會有所幫助。
CorsSlim幫助了我。 https://github.com/palanik/CorsSlim
<?php
$app = new \Slim\Slim();
$corsOptions = array("origin" => "*",
"exposeHeaders" => array("Content-Type", "X-Requested-With", "X-authentication", "X-client"),
"allowMethods" => array('GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'));
$cors = new \CorsSlim\CorsSlim($corsOptions);
$app->add($cors);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.