我尝试使用Javascript访问基于Woocommerce WordPress的REST API,我设法在不需要特殊标头的GET请求上执行此操作。
然而,当我添加Content-Type到application/json标题时,我仍然会获得正在使用401 回复的预检OPTIONS个请求,尽管获取所有正确的响应标头,允许所有头。
(如果我和text/plain Content-Type一起发送,我在"Content, title, and excerpt are empty"收到400回复,因为如果没有application/json则无法解析所以它不是授权问题,在文档中也要求它。)
示例请求:
OPTIONS /wp-json/wc/v1/products?oauth_consumer_key=ck_fXXXXX HTTP/1.1
Host: XXXXXXX.com
Connection: keep-alive
Cache-Control: max-age=0
Access-Control-Request-Method: POST
Origin: http://localhost:81
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
Access-Control-Request-Headers: content-type
Accept: */*
Referer: http://localhost:81/wc_test.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: he-IL,he;q=0.8,en-US;q=0.6,en;q=0.4
以下是回复:
HTTP/1.1 401 Unauthorized
Date: Sat, 22 Oct 2016 20:24:24 GMT
Server: Apache/2.4.23
X-Powered-By: PHP/5.4.45
Vary: Cookie,Accept-Encoding,User-Agent
X-UA-Compatible: IE=edge,chrome=1
X-Robots-Tag: noindex
Link: <http://XXXXXXXX.com/wp-json/>; rel="https://api.w.org/"
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: http://localhost:81
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Access-Control-Max-Age: 3600
Content-Length: 156
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/json; charset=UTF-8
尝试将具体Content-Type而非*添加到Allow-Headers但没有成功,有或没有Access-Control-Max-Age等等。
专门针对application/json,如果我要将其更改为text/plain,则效果非常好。
可能是什么问题?根据要求,它看起来非常好。