Chrome(或任何其他浏览器)是否发送 OPTIONS 请求完全由 CORS 规范:

Whether the Chrome (or any other browser) sends an OPTIONS request is exactly specified by the CORS specfication:

当跨域请求算法被调用时，这些必须遵循的步骤:
...
2.如果满足以下条件，则按照简单跨域请求 算法:

When the cross-origin request algorithm is invoked, these steps must be followed:
...
2. If the following conditions are true, follow the simple cross-origin request algorithm:

• 请求方法是简单方法 和 强制预检标志 未设置.

每个作者请求标头都是一个简单标题 或 作者请求标头 为空.

Each of the author request headers is a simple header or author request headers is empty.

3. 否则，按照cross-origin使用预检算法请求.
注意:使用简单的方法的跨源请求a> 带有 作者请求标头 不是 simple 将有一个 预检请求 以确保资源可以处理这些标头.(类似于使用不是简单方法的方法的请求.)

3. Otherwise, follow the cross-origin request with preflight algorithm.
Note: Cross-origin requests using a method that is simple with author request headers that are not simple will have a preflight request to ensure that the resource can handle those headers. (Similarly to requests using a method that is not a simple method.)

您的 OPTIONS 请求包含以下请求标头:

Your OPTIONS request contains the following request header:

Access-Control-Request-Headers: accept, authorization, content-type

这意味着您的 Angular 应用插入了非simple Authorization 请求标头，可能作为身份验证方案的一部分.非简单的作者请求标头"会触发 OPTIONS 请求，如您在上面的引用中所见.

This means that your Angular app has inserted the non-simple Authorization request header, probably as a part of an authentication scheme. Non-simple "author request headers" trigger the OPTIONS request, as you can see in the above quote.

为了让请求成功，您的服务器应该处理 OPTIONS 请求并响应:

To allow the request to succeed, your server should handle OPTIONS request and respond with:

Access-Control-Allow-Origin: https://example.com
Access-Control-Allow-Headers: authorization

要了解有关 CORS 的更多信息，请参阅 https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS.

To learn more about CORS, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS.