XMLHttpRequest 将 POST 更改为 OPTION

2022-01-15 00:00:00 xmlhttprequest javascript

我有这个代码:

net.requestXHR = function() {
    this.xhr = null;
    if(window.XMLHttpRequest === undefined) {
        window.XMLHttpRequest = function() {
            try {
                // Use the latest version of the activex object if available
                this.xhr = new ActiveXObject("Msxml2.XMLHTTP.6.0");
            }
            catch(e1) {
                try {
                    // Otherwise fall back on an older version
                    this.xhr = new ActiveXObject("Mxsml2.XMLHTTP.3.0");
                }
                catch(e2) {
                    //Otherwise, throw an error
                    this.xhr = new Error("Ajax not supported in your browser");
                }
            }
        };
    }
    else
        this.xhr = new XMLHttpRequest();
}
net.requestXHR.prototype.post = function(url, data) {
    if(this.xhr != null) {
        this.xhr.open("POST", url);
        this.xhr.setRequestHeader("Content-Type", "application/json");
        this.xhr.send(data);
    }
}

    var rs = new net.requestSpeech();
    console.log(JSON.stringify(interaction));
    rs.post("http://localhost:8111", JSON.stringify(interaction));

当发送执行时,我有这个日志:

when the send execute, i have this log:

OPTIONS http://localhost:8111/ [HTTP/1.1 405 Method Not Allowed 74ms]

在 localhost:8111 我有一个接受 post 的 reslet serverResource,这是同源策略的问题吗?我已经修改了restlet以放置allow-origin标头,并使用另一个GET http请求(在jquery中)对其进行测试并且工作正常.我解决了同源问题,因为我使用的是 html5 浏览器,并且我的服务器将标头放入响应中,那么为什么发送显示此错误?为什么将 POST 更改为 OPTION?谢谢!

And in localhost:8111 i have a reslet serverResource that accept post, it is problem of same origin policy? i have modify the restlet to put the allow-origin header and i test it with another GET http request (in jquery) and work ok. I have the problem of same origin resolve because i use an html5 browser and my server put the headers in the response, so why the send shows me this error? why change POST for OPTION? Thanks!

可能重复?:我认为没有,但确实如此,问题在于两个问题都一样,但我的问题是浏览器有问题,另一个首先指向jQuery.根据经验,时间不算重复,答案是不同的,但确实这两个问题都是互补的彼此.

Possible duplicate?: I think no, but it's true, the problem is the same for both questions, but mine are refers since the question that there is an issue with the browser, and the other, first points to jquery. By experience the time does not count for duplicate, the answers are different but it's true that both questions complement each other.

推荐答案

是的,这是一个同源策略问题".您正在向不同的服务器或不同的端口发出请求,这意味着它是一个跨站点 HTTP 请求.以下是文档对此类请求的说明:

Yes, this is a "problem with same-origin policy". You are making your request either to a different server or to a different port, meaning that it is a cross-site HTTP request. Here is what the documentation has to say about such requests:

另外,对于可能导致副作用的 HTTP 请求方法服务器的数据(特别是对于 GET 以外的 HTTP 方法,或POST 与某些 MIME 类型一起使用),规范要求浏览器预检"请求,从使用 HTTP OPTIONS 请求方法的服务器,然后,在来自服务器的批准",发送带有实际请求的实际请求HTTP 请求方法.

Additionally, for HTTP request methods that can cause side-effects on server's data (in particular, for HTTP methods other than GET, or for POST usage with certain MIME types), the specification mandates that browsers "preflight" the request, soliciting supported methods from the server with an HTTP OPTIONS request method, and then, upon "approval" from the server, sending the actual request with the actual HTTP request method.

CORS 标准(Cross-Origin Request with预检"部分).您的服务器需要允许 OPTIONS 请求并使用 Access-Control-Allow-OriginAccess-Control-Allow-HeadersAccess-Control-Allow-Methods 标头允许请求.然后浏览器将发出实际的 POST 请求.

There is a more detailed description in the CORS standard ("Cross-Origin Request with Preflight" section). Your server needs to allow the OPTIONS request and send a response with Access-Control-Allow-Origin, Access-Control-Allow-Headers and Access-Control-Allow-Methods headers allowing the request. Then the browser will make the actual POST request.

相关文章