Question

我必须设置一个标题密钥：我已经插入两次的XXXXXXX仍然没有插入标题。

我从API获取数据，所以我需要添加相同的标题，但显然我的代码中有些错误，当我使用Live Headers Addon chrome检查它时，标题不显示。

但如果我使用chrome扩展手动（插入标题），它会被插入。

代码

function createCORSRequest(method, url) {
    var xhr = new XMLHttpRequest();
    if ("withCredentials" in xhr) {

        // Check if the XMLHttpRequest object has a "withCredentials" property.
        // "withCredentials" only exists on XMLHTTPRequest2 objects.
        {

            xhr.open(method, url, true)
            xhr.setRequestHeader("Key", "ac6e6ff85e0774");
            xhr.setRequestHeader("Secret", "9261fabe594");


        }
    } else if (typeof XDomainRequest != "undefined") {

        // Otherwise, check if XDomainRequest.
        // XDomainRequest only exists in IE, and is IE's way of making CORS requests.
        xhr = new XDomainRequest();
        xhr.open(method, url);
        xhr.setRequestHeader("Key", "47385e0774");
        xhr.setRequestHeader("Secret", "b034e594");

    } else {

        // Otherwise, CORS is not supported by the browser.
        xhr = null;

    }
    return xhr;
}

function makeCorsRequest() {
    // This is a sample server that supports CORS.
    var url = 'https://www.cryptocurrencychart.com/api/coin/list';
    var xhr = createCORSRequest('GET',url);
    console.log(xhr);
    if (!xhr) {
        console.log('CORS not supported');
        return ('GODDAMNIT');
    }

    // Response handlers.
    xhr.setRequestHeader("Access-Control-Allow-Origin", "https://api.coinmarketcap.com/v1/ticker/");
    xhr.setRequestHeader("Key", "c2b64fc6e64");
    xhr.setRequestHeader("Secret", "cb0asdw64");
    xhr.onload = function() {

        var text = xhr.responseText;
        console.log('going in');



        console.log(text);

    };
    xhr.onerror = function() {
        console.log('Woops, there was an error making the request.');
    };

    xhr.send();
}
makeCorsRequest();

我在这里做错了什么？

修改这将在控制台中打印

Woops，发出请求时出错

选项https://www.cryptocurrencychart.com/api/coin/list 500（） makeCorsRequest

无法加载https://www.cryptocurrencychart.com/api/coin/list：预检的响应包含无效的HTTP状态代码500

EDIT2

这些是我的要求和回复

OPTIONS /api/coin/list HTTP/1.1
Host: www.cryptocurrencychart.com:443
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8
Access-Control-Request-Headers: access-control-allow-origin,key,secret
Access-Control-Request-Method: GET
Origin: http://evil.com/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: (28BB0A368XXXXDD3C9EE95A829XXXBF)

HTTP/1.1 500
cache-control: no-store, no-cache, must-revalidate
content-type: application/json
date: Sat, 03 Mar 2018 17:08:56 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx/1.10.3 (Ubuntu)
set-cookie: PHPSESSID=brexxxxx6c4ptr5bs8ns7dlf11; path=/
status: 500

请注意要求进入的标题是Access-Control-Request-Headers: access-control-allow-origin,key,secret

使用Javascript添加标头

0 个答案: