我对Axios lib&有问题CORS。我试着通过标题"授权"对Axios进行ajax调用到我的休息api。不幸的是我的标题不可见。
在我的要求中,我有:
Access-Control-Request-Headers:authorization
Access-Control-Request-Method:POST
所以我的授权标头没有传递给服务器。我正在寻找解决方案,我找到了一些方法来修改我的虚拟主机配置。
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "GET, POST, PUT, OPTIONS, DELETE"
Header always set Access-Control-Expose-Headers 'Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With,Content-Disposition'
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
Header always set Access-Control-Allow-Credentials "true"
现在在我的回复中:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:x-requested-with, Content-Type, origin, authorization, accept, client-security-token
Access-Control-Allow-Methods:GET, POST, PUT, OPTIONS, DELETE
Access-Control-Allow-Origin:*
Access-Control-Expose-Headers:Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With,Content-Disposition
Cache-Control:no-store, private
Connection:Keep-Alive
Content-Type:application/json
请求看起来仍然相同。 Access-Control-Request-Headers: authorization代替具有正确值的授权标头。
我的axios功能如下:
let api = axios.create({
baseURL: 'my_rest_api',
withCredentials: true,
headers: {
'Content-Type': 'application/json',
'authorization': 'Bearer ' + accessToken
}
})
api.post('oauth/logged-user', {})
我在常规标签中有Request Method:OPTIONS的有趣之处。这意味着我的API配置错误了吗?我应该禁用OPTIONS请求的授权吗?
当我使用邮递员时 - >一切都很好。我知道我对CORS的了解不多,但请 - 帮助我!我需要这个!