我的FE应用程序正在使用来自不同域的API.我知道它应该触发CORS,但据我所知它不应该为每个请求创建预检.
根据文档,我不应该有预检请求的GET方法.
Cross-site requests are preflighted like this since they may have implications to
user data. In particular, a request is preflighted if:
- It uses methods other than GET, HEAD or POST.
Also, if POST is used to send request data with a Content-Type
other than application/x-www-form-urlencoded, multipart/form-data,
or text/plain, e.g. if the POST request sends an XML payload to the
server using application/xml or text/xml, then the request is preflighted.
- It sets custom …我们有以下设置:
Front end code : REACT (Hosted using express js) (lets call this www.domainA.com)
Backend : .NET WEB API (Hosted in IIS 7.5) (lets call this www.domainB.com)
FE应用程序的域正在向Web api发出GET数据和POST数据的请求.
GET工作正常,但每当我尝试将数据发布到Web API时,它都会抛出以下错误:
Request URL: http://www.domainB.com/api/postdataoperation
Request Method: OPTIONS
Status Code: 403 Forbidden
我查看了许多CORS文章并继续在IIS中设置HTTPResponseHeaders,如下所示:
Access-Control-Allow-Methods : POST,GET,OPTIONS,PUT,DELETE
Access-Control-Allow-Origin : http://www.domainA.com
反应解决方案的发布请求如下:
axios.post(`http://www.domainB.com/api/postdataoperation`, {userId});
我正在处理的应用程序出现了CORS问题。
It's setup in Kubernetes, with a third party Java framework:
http://www.ninjaframework.org/
I am getting the following error:
Preflight response is not successful
XMLHttpRequest cannot load https://api.domain.com/api/v1/url/goes/here? due to access control checks.
Failed to load resource: Preflight response is not successful
I don't think the problem is in Kubernetes, but just in case - here's my Kubernetes setup:
apiVersion: v1
kind: Service
metadata:
name: domain-server
annotations:
dns.alpha.kubernetes.io/external: "api.domain.com"
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:152660121739:certificate/8efe41c4-9a53-4cf6-b056-5279df82bc5e
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
spec:
type: LoadBalancer
selector:
app: domain-server
ports:
- …我一直在尝试iron-ajax向服务器发送一个简单的帖子,但在飞行前调用时它一直失败。对于我的一生,我无法弄清楚发生了什么,服务器上的所有 CORS 标头似乎都是正确的。
Response headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:GET, POST, PUT, OPTIONS
Access-Control-Allow-Origin:*
cache-control:must-revalidate, private, no-cache, no-store, max-age=0
Connection:Keep-Alive
Content-Encoding:gzip
Content-Length:138
Content-Type:text/html
Request headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
该请求确实是从本地主机发出的,但我认为应该*处理这个问题。
控制台中显示的错误是:
OPTIONS https://... 403 (Forbidden)和
XMLHttpRequest cannot load https://.... Response for preflight has invalid HTTP status code 403
任何帮助/建议表示赞赏。