使用预检选项的CORS Post请求

时间:2017-05-30 13:58:07

标签: jquery http-headers cors access preflight

我们正在使用CORS从JQUERY调用Web服务。请求不简单,因此发送预检,OPTIONS调用成功,我们允许所有来源,所有标题和所有方法用于测试目的。但是,浏览器拒绝发送第二个请求(POST),并说它没有声明allow-origin。

以下是来自fiddler的请求。

OPTIONS Request
---------------
https://prewebapp.xyz.corp/corebanking/business/customer/v1/customerinformation/valideclientcrm?part=1353761&gl=null HTTP/1.1
Accept: */*
Origin: http://crmtest.xyz.corp
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type, accept, authorization
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: prewebapp.xyz.corp
Content-Length: 0
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache

OPTIONS Response
----------------
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *
Date: Tue, 30 May 2017 13:07:47 GMT

可以看出,允许所有标题,起源和方法,但POST不发送。这是邮递员对POST请求的响应,不需要预检检查。

Postman Request
---------------
POST /corebanking/business/customer/v1/customerinformation/valideclientcrm?part=1353761&gl=null HTTP/1.1
Host: prewebapp.xyz.corp
Content-Type: application/json; charset=utf-8
Authorization: Bearer eyJ0eXAiOiJKV1... (extra characters removed)
Cache-Control: no-cache
Postman-Token: 11325cf5-4246-bdcc-3cf4-ba53b4f128c6

邮递员回复

enter image description here

0 个答案:

没有答案