I am using AngularJS to consume a REST service. The REST API does return the required headers, but I get
Response for preflight has invalid HTTP status code 401
In Mozilla I get
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://testurl.com:8081/v1/users. (Reason: CORS preflight channel did not succeed).
error.
The headers returned by the API are given below:
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, PUT, GET, OPTIONS, DELETE
Access-Control-Allow-Headers: x-requested-with, Authorization
Access-Control-Expose-Headers: x-requested-with
Access-Control-Max-Age: 3600
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
X-Application-Context: application:8081
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 05 Jan 2016 14:57:20 GMT
The following is the HTTP request:
$http({
    method: 'post',
    url: 'http://testurl.com/v1/users',
    data: data
}).then(function successCallback(response) {
    object.sucess = true;
    object.massage = response;
    console.log('success');
}, function errorCallback(response) {
    object.sucess = true;
    object.massage = response;
});
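What am I doing wrong, or is the problem in the headers?
Answer 0: (score: 1)
As I read your question: I also faced this problem. It can be solved from the server side as well as from the client side by creating a proxy server. On the server side, you need to allow the IP of your system.
I know of 3 usual solutions.
1). Example: as I did when creating a web service in NodeJs (API):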
res.setHeader('Access-Control-Allow-Origin', 'http://hostname.com');
// Request methods you wish to allow
// You can write * also for allowing to access that url from all systems which is not done usually for security purposes
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
// Request headers you wish to allow
res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
// Set to true if you need the website to include cookies in the requests sent
// to the API (e.g. in case you use sessions)
res.setHeader('Access-Control-Allow-Credentials', true);
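Then you can run GET and POST requests as well.
2). You can also create a proxy server that handles the POST and PUT requests, so that communication with that API is maintained.
3). You can install a CORS plugin in the Chrome browser and enable it; then you can query the server side. https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi?utm_source=chrome-ntp-icon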
Answer 1: (score: 1)
I found the solution. The preflight OPTIONS was missing. I had to add those in the backend. Now it works fine.
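One way to add the preflight handling described in the answer above, as an added example that is not part of the original thread: the CORS preflight is answered before the authentication check, because the browser sends it without the Authorization header, while the actual request is still authenticated. The origin allow-list, the token value and the function names are assumptions made for illustration.

```javascript
// Added example; origin allow-list, token and names are assumptions.
const ALLOWED_ORIGINS = new Set(['http://hostname.com']); // constructed value
const ALLOWED_METHODS = 'GET, POST, PUT, DELETE, OPTIONS';
const ALLOWED_HEADERS = 'Authorization, Content-Type, X-Requested-With';

// Hypothetical stand-in for real credential validation.
function isAuthorized(value) {
  return value === 'Bearer constructed-demo-token';
}

// Decide status and response headers from the method and the request
// headers (lower-cased keys, as Node's http module provides them).
function decide(method, headers) {
  const out = { status: 200, headers: { Vary: 'Origin' } };
  const origin = headers.origin;
  const originOk = origin !== undefined && ALLOWED_ORIGINS.has(origin);
  if (originOk) out.headers['Access-Control-Allow-Origin'] = origin;

  // Preflight = OPTIONS + Origin + Access-Control-Request-Method. The browser
  // sends it without Authorization, so answer it before the auth check.
  if (method === 'OPTIONS' && origin && headers['access-control-request-method']) {
    if (!originOk) return { status: 403, headers: out.headers };
    out.status = 204;
    out.headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS;
    out.headers['Access-Control-Allow-Headers'] = ALLOWED_HEADERS;
    out.headers['Access-Control-Max-Age'] = '3600';
    return out;
  }

  // The actual request is still authenticated as usual.
  if (!isAuthorized(headers.authorization)) out.status = 401;
  return out;
}

// Request listener for Node: http.createServer(onRequest).listen(8081)
function onRequest(req, res) {
  const { status, headers } = decide(req.method, req.headers);
  res.writeHead(status, headers);
  res.end();
}
```

Only allow-listed origins are echoed back in Access-Control-Allow-Origin, and a 401 on the actual request still carries that header so the calling page can read the status.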
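Answer 2: (score: 0)
You have put Authorization as an allowed header. This is not correct; you need to add Access-Control-Allow-Credentials, which permits this header.
This separate setting controls the browser sending cookies as well as the Authorization header.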