当您开始使用自定义请求标头时，您将获得 CORS 预检.这是一个使用 HTTP OPTIONS 动词的请求，并包含多个标头，其中之一是 Access-Control-Request-Headers 列出客户端想要包含在请求.

When you start playing around with custom request headers you will get a CORS preflight. This is a request that uses the HTTP OPTIONS verb and includes several headers, one of which being Access-Control-Request-Headers listing the headers the client wants to include in the request.

您需要使用适当的 CORS 标头回复该 CORS 预检才能完成此工作.其中之一确实是Access-Control-Allow-Headers.该标头需要包含与 Access-Control-Request-Headers 标头包含的相同的值(或更多).

You need to reply to that CORS preflight with the appropriate CORS headers to make this work. One of which is indeed Access-Control-Allow-Headers. That header needs to contain the same values the Access-Control-Request-Headers header contained (or more).

https://fetch.spec.whatwg.org/#http-cors-protocol更详细地解释了此设置.

https://fetch.spec.whatwg.org/#http-cors-protocol explains this setup in more detail.