响应请求的服务器需要发送Access-Control-Allow-Origin响应标头用于OPTIONS请求，而不仅是GET和POST请求

The server that’s responding to the request needs to send the Access-Control-Allow-Origin response header for OPTIONS requests, not just for GET and POST requests.

https://developer.mozilla.org/zh- US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests

对预检请求的响应未通过访问控制检查

Response to preflight request doesn't pass access control check

浏览器给您该错误的原因是:在尝试您尝试从前端JS代码发出的实际请求之前，浏览器发送了一个OPTIONS请求，以查看服务器是否以指示其响应的方式进行响应选择接收您要提出的请求.

The reason the browser gives you that error is: before it attempts the actual request you’re trying to make from your frontend JS code, the browser sends an OPTIONS request to see if the server responds in a way indicating it’s opting in to receiving requests of the kind you’re trying to make.

因此，您的服务器端代码需要为OPTIONS请求添加处理以响应Access-Control-Allow-Origin，Access-Control-Allow-Headers和& Access-Control-Allow-Methods.

So your server-side code needs to add handling for the OPTIONS request to respond with Access-Control-Allow-Origin, Access-Control-Allow-Headers & Access-Control-Allow-Methods.

要解决与CORS相关的问题，客户端是否需要做任何事情-还是服务器方面的问题?

Does anything at all need to be done on client side to fix CORS related issues - or is it all a server side concern?

您无法在客户端上更改行为或使您的浏览器不发出该错误. CORS配置全是服务器端的问题.您的服务器必须处理OPTIONS.

There’s nothing you can do on the client side to change the behavior or to get your browser to not emit that error. CORS config is all a server-side concern. Your server must handle the OPTIONS.

响应的HTTP状态代码为403.

The response had HTTP status code 403.

这表示授权失败.那可能仅仅是因为您的服务器未配置为针对OPTIONS请求发送成功响应(200或204)-在这种情况下，您必须配置为执行此操作(发送200或200或204 204具有正确的Access-Control-Allow-*标头，但没有响应正文)-可能是因为您正在尝试发送需要授权的请求，并且授权失败.

That indicates an authorization failure. That could be just because your server isn’t configured to ever send a success response (200 or 204) for OPTIONS requests—in which case you must configure to to do that (to send a 200 or 204 with the right Access-Control-Allow-* headers and no response body)—or it could be because you’re trying to send a request that requires authorization and the authorization is failing.