我试图用post请求发送文件到我的服务器,但当它发送时,它会导致错误:
Access-Control-Allow-Headers不允许请求报头字段Content-Type。
所以我谷歌了这个错误,并添加了标题:
$http.post($rootScope.URL, {params: arguments}, {headers: {
"Access-Control-Allow-Origin" : "*",
"Access-Control-Allow-Methods" : "GET,POST,PUT,DELETE,OPTIONS",
"Access-Control-Allow-Headers": "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With"
}
然后我得到错误:
Access-Control-Allow-Headers不允许请求报头字段Access-Control-Allow-Origin
所以我谷歌了一下,我能找到的唯一类似的问题是提供了一半的答案,然后关闭为跑题。我应该添加/删除什么头?
对我来说,我在web.config中有通配符“*”Access-Control-Allow-Headers:
<add name="Access-Control-Allow-Headers" value="*" />
这个解决方案适用于大多数导航器,但不适用于Safari或IE
结果证明,解决方案是手动添加所有自定义头到web.config:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="https://somedomain.com" />
<add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS,PUT,DELETE" />
<add name="Access-Control-Allow-Headers" value="custom-header1, custome-header2, custome-header3" />
</customHeaders>
</httpProtocol>
<system.webServer>
在我的例子中,我将几个参数作为@HeaderParam接收到一个web服务方法中。
这些参数必须在你的CORS过滤器中声明:
@Provider
public class CORSFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
MultivaluedMap<String, Object> headers = responseContext.getHeaders();
headers.add("Access-Control-Allow-Origin", "*");
...
headers.add("Access-Control-Allow-Headers",
/*
* name of the @HeaderParam("name") must be declared here (raw String):
*/
"name", ...);
headers.add("Access-Control-Allow-Credentials", "true");
headers.add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
}
}
以下是我使用nodejs的工作:
xServer.use(function(req, res, next) {
res.setHeader("Access-Control-Allow-Origin", 'http://localhost:8080');
res.setHeader('Access-Control-Allow-Methods', 'POST,GET,OPTIONS,PUT,DELETE');
res.setHeader('Access-Control-Allow-Headers', 'Content-Type,Accept');
next();
});
如果这对任何人都有帮助,(即使这有点可怜,因为我们必须只允许用于开发目的)这里有一个Java解决方案,因为我遇到了同样的问题。
[编辑]不要使用通配符*,因为它是一个糟糕的解决方案,如果你真的需要在本地工作,请使用localhost。
public class SimpleCORSFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "my-authorized-proxy-or-domain");
response.setHeader("Access-Control-Allow-Methods", "POST, GET");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}
