我正在使用angularjs2 http服务发送http请求。在登录API中,我发送带有用户凭证的发布请求,后端服务器在响应中生成session_id并将其保存在cookie上。 session_id中没有显示Angularjs中的http响应对象。但我可以从chrome调试网络面板中看到这个值。网络下有一个Cookies标签。从那里我可以看到session_id及其价值。
登录成功后,我使用下面的代码发送下一个http请求:
let options = new RequestOptions({headers: this.headers, withCredentials: true });
return this.http.get(url, options)
但我得到了以下错误回复:
XMLHttpRequest cannot load https://backendjump.net/user/. Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. Origin 'http://localhost:4200' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
当我在chrome上调试请求时,我发现请求标头如下所示:
Request URL:https://testapi.net/user/
Request Method:OPTIONS
Status Code:204 No Content
Remote Address:52.43.21.19:443
Referrer Policy:no-referrer-when-downgrade
它不包含上面提到的cookie session_id。另一个有趣的事情是Request Method变为OPTIONS而不是GET。
我不知道如何解决这个问题。它是后端还是前端问题?