更新时间:2023-12-03 17:49:46
响应请求的服务器需要发送Access-Control-Allow-Origin
响应标头用于OPTIONS
请求,而不仅是GET
和POST
请求
The server that’s responding to the request needs to send the Access-Control-Allow-Origin
response header for OPTIONS
requests, not just for GET
and POST
requests.
https://developer.mozilla.org/zh- US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests
对预检请求的响应未通过访问控制检查
Response to preflight request doesn't pass access control check
浏览器给您该错误的原因是:在尝试您尝试从前端JS代码发出的实际请求之前,浏览器发送了一个OPTIONS
请求,以查看服务器是否以指示其响应的方式进行响应选择接收您要提出的请求.
The reason the browser gives you that error is: before it attempts the actual request you’re trying to make from your frontend JS code, the browser sends an OPTIONS
request to see if the server responds in a way indicating it’s opting in to receiving requests of the kind you’re trying to make.
因此,您的服务器端代码需要为OPTIONS
请求添加处理以响应Access-Control-Allow-Origin
,Access-Control-Allow-Headers
和& Access-Control-Allow-Methods
.
So your server-side code needs to add handling for the OPTIONS
request to respond with Access-Control-Allow-Origin
, Access-Control-Allow-Headers
& Access-Control-Allow-Methods
.
要解决与CORS相关的问题,客户端是否需要做任何事情-还是服务器方面的问题?
Does anything at all need to be done on client side to fix CORS related issues - or is it all a server side concern?
您无法在客户端上更改行为或使您的浏览器不发出该错误. CORS配置全是服务器端的问题.您的服务器必须处理OPTIONS
.
There’s nothing you can do on the client side to change the behavior or to get your browser to not emit that error. CORS config is all a server-side concern. Your server must handle the OPTIONS
.
响应的HTTP状态代码为403.
The response had HTTP status code 403.
这表示授权失败.那可能仅仅是因为您的服务器未配置为针对OPTIONS
请求发送成功响应(200
或204
)-在这种情况下,您必须配置为执行此操作(发送200
或200
或204
204
具有正确的Access-Control-Allow-*
标头,但没有响应正文)-可能是因为您正在尝试发送需要授权的请求,并且授权失败.
That indicates an authorization failure. That could be just because your server isn’t configured to ever send a success response (200
or 204
) for OPTIONS
requests—in which case you must configure to to do that (to send a 200
or 204
with the right Access-Control-Allow-*
headers and no response body)—or it could be because you’re trying to send a request that requires authorization and the authorization is failing.