更新时间:2022-11-26 13:55:02
Chrome(或任何其他浏览器)是否发送 OPTIONS 请求完全由 CORS 规范:
Whether the Chrome (or any other browser) sends an OPTIONS request is exactly specified by the CORS specfication:
当跨域请求算法被调用时,这些必须遵循的步骤:
...
2.如果满足以下条件,则按照简单跨域请求 算法:
When the cross-origin request algorithm is invoked, these steps must be followed:
...
2. If the following conditions are true, follow the simple cross-origin request algorithm:
Each of the author request headers is a simple header or author request headers is empty.
3. 否则,按照cross-origin使用预检算法请求.
注意:使用简单的方法的跨源请求a> 带有 作者请求标头 不是 simple 将有一个 预检请求 以确保资源可以处理这些标头.(类似于使用不是简单方法的方法的请求.)
3. Otherwise, follow the cross-origin request with preflight algorithm.
Note: Cross-origin requests using a method that is simple with author request headers that are not simple will have a preflight request to ensure that the resource can handle those headers. (Similarly to requests using a method that is not a simple method.)
您的 OPTIONS 请求包含以下请求标头:
Your OPTIONS request contains the following request header:
Access-Control-Request-Headers: accept, authorization, content-type
这意味着您的 Angular 应用插入了非simple Authorization
请求标头,可能作为身份验证方案的一部分.非简单的作者请求标头"会触发 OPTIONS 请求,如您在上面的引用中所见.
This means that your Angular app has inserted the non-simple Authorization
request header, probably as a part of an authentication scheme. Non-simple "author request headers" trigger the OPTIONS request, as you can see in the above quote.
为了让请求成功,您的服务器应该处理 OPTIONS 请求并响应:
To allow the request to succeed, your server should handle OPTIONS request and respond with:
Access-Control-Allow-Origin: https://example.com
Access-Control-Allow-Headers: authorization
要了解有关 CORS 的更多信息,请参阅 https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS.
To learn more about CORS, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS.