我正在向我拥有且有权访问的服务器发送POST请求。
这会触发带有OPTIONS方法的CORS预检请求,并返回以下响应标头:
HTTP/1.1 200
Allow: HEAD,POST,GET,OPTIONS
Last-modified: Mon, 26 Jun 2017 13:57:08 BST
Access-Control-Allow-Origin: http://localhost:3000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET
Access-Control-Allow-Headers: origin, content-type, accept, authorization
Access-Control-Expose-Headers: Set-Cookie
Content-Type: application/vnd.sun.wadl+xml
Content-Length: 1126
随后的POST请求会报告
Fetch API cannot load http://localhost:8080/api/reservation. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 500. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
使用javascript fetch。
如上所述,对/reservation端点的POST会导致此类错误。但是,对我服务器上其他端点的POST请求是成功的,并且不会报告不允许来源。两者都执行相同的fetch代码;发出OPTIONS预检,然后发布POST。
var RestRequest = {
post: function(endpoint, payload, callback, secondCallback) {
fetch('http://localhost:8080/api' + endpoint, {
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
},
method: 'post',
credentials: 'include',
body: payload
})
.then(function (response) {
return response.json()
})
.then( function (result) {
callback(result)
if (secondCallback != null) {
secondCallback()
}
})
}
};
为什么我的浏览器抱怨在CORS预检明确允许访问此特定来源时,不允许访问请求的来源?
修改我的服务器CORS响应过滤器以允许所有来源产生相同的错误消息。从Postman插件发出相同的请求成功。
答案 0 :(得分:1)
它表示响应的HTTP状态代码为500,因此它与您发布的响应(即HTTP 200)不同。
您很可能遇到服务器错误,这会阻止将CORS标头添加到响应中。