CORS错误:请求标头字段预检响应中的Access-Control-Allow-Headers不允许授权
I am trying to send the request from one localhost port to the another. I am using angularjs on the frontend and node on the backend.
我试图将请求从一个localhost端口发送到另一个。我在后端的节点和节点上使用angularjs。
Since it is CORS request, In node.js, i am using
由于它是CORS请求,在node.js中,我正在使用
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH');
res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization');
and in the angular.js service file, I am using
在angular.js服务文件中,我正在使用
return {
getValues: $resource(endpoint + '/admin/getvalues', null, {
'get': {
method: 'GET',
headers:{'Authorization':'Bearer'+' '+ $localStorage.token}
}
}),
}
I am getting the following error
我收到以下错误
Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.
请求标头字段预检响应中的Access-Control-Allow-Headers不允许授权。
Please help!
请帮忙!
3 个解决方案
#1
17
You have to add options also in allowed headers. browser sends a preflight request before original request is sent. See below
您还必须在允许的标头中添加选项。浏览器在发送原始请求之前发送预检请求。见下文
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,PATCH,OPTIONS');
From source https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
来自来源https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
In CORS, a preflight request with the OPTIONS method is sent, so that the server can respond whether it is acceptable to send the request with these parameters. The Access-Control-Request-Method
header notifies the server as part of a preflight request that when the actual request is sent, it will be sent with a POST request method. The Access-Control-Request-Headers
header notifies the server that when the actual request is sent, it will be sent with a X-PINGOTHER
and Content-Type
custom headers. The server now has an opportunity to determine whether it wishes to accept a request under these circumstances.
在CORS中,发送带有OPTIONS方法的预检请求,以便服务器可以响应是否可以使用这些参数发送请求。 Access-Control-Request-Method标头作为预检请求的一部分通知服务器,当发送实际请求时,它将使用POST请求方法发送。 Access-Control-Request-Headers标头通知服务器,当发送实际请求时,它将与X-PINGOTHER和Content-Type自定义标头一起发送。服务器现在有机会确定是否希望在这种情况下接受请求。
EDITED
EDITED
You can avoid this manual configuration by using npmjs.com/package/cors npm package.I have used this method also, it is clear and easy.
您可以使用npmjs.com/package/cors npm package避免此手动配置。我也使用了这种方法,它清晰简单。
更多相关文章
- 当尝试安装节点时,会得到一个“DLL”错误。js在Windows 7上
- contains和compareDocumentPosition 方法来确定是否HTML节点间的
- 如何访问远程节点。浏览器中的js应用程序,而不是本地主机
- js之DOM操作(访问父节点parentNode)
- 如何使用客户端Javascript数组并通过节点发布。将js API插入Mong
- 是否可以从节点js中的同一模块导出构造函数和一些正常函数?
- 如果外部应用程序更改了持久模型(服务器数据库),AngularJS可以自
- 从Django开发服务器的根服务提供静态文件
- 在两台服务器上有效地在两个Django应用程序之间进行通信(多租户)