I am trying to access an API from a domain different from the one my Angular application runs on. My Angular code is:
this.headers = new Headers({
  'Content-Type': 'application/json',
  'Authorization': 'authtoken'
});
this.options = new RequestOptions({ headers: this.headers });
return this.http.get(this.config.baseUrl + this.config.getregistrationinfo, this.options)
  .map((res) => { return res.json(); });
The allowed origins on the server side include the requesting domain. Here are the request and response details:
Request URL:https://portal.host.com/api
Request Method:OPTIONS
Status Code:401 Unauthorized
Remote Address:127.0.0.1:8888
Referrer Policy:no-referrer-when-downgrade
Response headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
Access-Control-Allow-Methods:GET, HEAD, OPTIONS, POST, PUT
Access-Control-Allow-Origin:http://evil.com/
Content-Length:597
Content-Type:text/html
Date:Wed, 16 Aug 2017 14:51:34 GMT
Server:nginx/1.12.0
Strict-Transport-Security:max-age=31536000; includeSubdomains; preload
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block
Request headers
Accept:*/*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:authorization,content-type
Access-Control-Request-Method:GET
Connection:keep-alive
Host:portal.host.com
Origin:http://evil.com/
Referer:http://localhost:4200/master/samplesregistration
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
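
The capture above can be checked against the rules a browser applies to a CORS preflight response. This is an added example, not part of the original post: `checkPreflight` and the object shapes are hypothetical, the header values are copied from the capture, and the 204 variant is constructed for comparison.

```javascript
// Added example: evaluate a captured CORS preflight the way a browser does.
// checkPreflight and the {status, headers} shape are hypothetical names.
function checkPreflight(req, res, withCredentials = false) {
  const problems = [];
  const list = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

  // A browser sends the OPTIONS preflight without the Authorization header,
  // and proceeds to the real request only if the preflight status is 2xx.
  if (res.status < 200 || res.status > 299) {
    problems.push(`preflight status ${res.status} is not 2xx`);
  }
  // The allowed origin must equal the Origin header byte for byte
  // ("*" is accepted only for requests made without credentials).
  const allowOrigin = res.headers['access-control-allow-origin'];
  if (allowOrigin !== req.headers['origin'] && !(allowOrigin === '*' && !withCredentials)) {
    problems.push('Access-Control-Allow-Origin does not match Origin');
  }
  // GET, HEAD and POST are CORS-safelisted; other methods must be listed.
  const method = (req.headers['access-control-request-method'] || '').toLowerCase();
  const allowedMethods = list(res.headers['access-control-allow-methods']);
  if (!['get', 'head', 'post'].includes(method) && !allowedMethods.includes(method)) {
    problems.push(`method ${method} is not allowed`);
  }
  // Every requested header must be listed (names compare case-insensitively).
  const allowedHeaders = list(res.headers['access-control-allow-headers']);
  for (const h of list(req.headers['access-control-request-headers'])) {
    if (!allowedHeaders.includes(h)) problems.push(`header ${h} is not allowed`);
  }
  return problems;
}

// Values copied from the capture in the post.
const preflightRequest = { headers: {
  'origin': 'http://evil.com/',
  'access-control-request-method': 'GET',
  'access-control-request-headers': 'authorization,content-type',
} };
const capturedResponse = { status: 401, headers: {
  'access-control-allow-origin': 'http://evil.com/',
  'access-control-allow-methods': 'GET, HEAD, OPTIONS, POST, PUT',
  'access-control-allow-headers': 'Origin, Accept, X-Requested-With, Content-Type, ' +
    'Access-Control-Request-Method, Access-Control-Request-Headers, Authorization',
} };
// Constructed comparison: same headers, OPTIONS answered without requiring auth.
const fixedResponse = { status: 204, headers: capturedResponse.headers };

console.log(checkPreflight(preflightRequest, capturedResponse));
console.log(checkPreflight(preflightRequest, fixedResponse));
```
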