CORS头有信息,但Angular js $ http.get不起作用

时间:2016-01-05 15:15:57

标签: javascript angularjs ajax cors

我使用角度js来消耗休息服务。其余的api确实返回了所需的标题,但我得到了

Response for preflight has invalid HTTP status code 401 

在mozilla中我得到了

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the   remote resource at http://testurl.com:8081/v1/users. (Reason: CORS preflight channel did not succeed).

错误

API标头返回给出

Server: Apache-Coyote/1.1 
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, PUT, GET, OPTIONS, DELETE
Access-Control-Allow-Headers: x-requested-with, Authorization
Access-Control-Expose-Headers: x-requested-with
Access-Control-Max-Age: 3600
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate 
Pragma: no-cache 
Expires: 0 
X-Frame-Options: DENY
X-Application-Context: application:8081
Content-Type: application/json;charset=UTF-8 
Transfer-Encoding: chunked 
Date: Tue, 05 Jan 2016 14:57:20 GMT 

以下是http请求

 $http({
         method: 'post',
         url: 'http://testurl.com/v1/users',
         data    : data
         }).then(function successCallback(response) {
         object.sucess=true;
         object.massage=response;
         console.log('success');
         }, function errorCallback(response) {
         object.sucess=true;
         object.massage=response;

         });

我做错了什么或问题在标题中。

3 个答案:

答案 0 :(得分:1)

当我读到您的问题时,我也遇到了这个问题,这个问题也可以通过创建代理服务器从服务器端以及客户端解决。在服务器端,您需要允许系统的IP。

我知道他们通常是3种解决方案。

1)。 示例:正如我在NodeJs(API)中创建Web服务时所做的那样:

res.setHeader('Access-Control-Allow-Origin', 'http://hostname.com');
// Request methods you wish to allow
// You can write * also for allowing to access that url from all systems which is not done usually for security purposes
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');

// Request headers you wish to allow
res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');

// Set to true if you need the website to include cookies in the requests sent
// to the API (e.g. in case you use sessions)
res.setHeader('Access-Control-Allow-Credentials', true);

然后你也可以运行get和post post。

2)。您还可以创建代理服务器来处理该帖子并放置reuest,以便与该api的通信将保持不变

3)。您可以在Chrome浏览器中安装CORS插件并启用它,然后您可以向服务器端查询。 https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi?utm_source=chrome-ntp-icon

答案 1 :(得分:1)

我找到了解决方案。缺少预检OPTIONS。我不得不在后端添加这些内容。现在它工作正常。

答案 2 :(得分:0)

您已将Authorization作为允许的标头。这是不正确的,您需要添加允许此标头的Access-Control-Allow-Credentials

此单独设置控制浏览器发送Cookie以及Authorization标题