Access-Control-Allow-Headers 不允许请求标头字段 Access-Control-Allow-Headers

2022-01-11 00:00:00 cors header post angularjs javascript

我正在尝试使用 post 请求将文件发送到我的服务器,但是当它发送时会导致错误:

I'm trying to send files to my server with a post request, but when it sends it causes the error:

Access-Control-Allow-Headers 不允许请求标头字段 Content-Type.

Request header field Content-Type is not allowed by Access-Control-Allow-Headers.

所以我用谷歌搜索了错误并添加了标题:

So I googled the error and added the headers:

$http.post($rootScope.URL, {params: arguments}, {headers: {
    "Access-Control-Allow-Origin" : "*",
    "Access-Control-Allow-Methods" : "GET,POST,PUT,DELETE,OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With"
}

然后我得到错误:

Access-Control-Allow-Headers 不允许请求标头字段 Access-Control-Allow-Origin

Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers

所以我用谷歌搜索了这个问题,我能找到的唯一类似问题是提供了一半的答案,然后作为离题关闭.我应该添加/删除哪些标题?

So I googled that and the only similar question I could find was provided a half answer then closed as off topic. What headers am I supposed to add/remove?

推荐答案

服务器(POST请求发送到的)需要包含Access-Control-Allow-Headers 标头(等​​)在其响应中.将它们放入来自客户端的请求中没有任何效果.

The server (that the POST request is sent to) needs to include the Access-Control-Allow-Headers header (etc) in its response. Putting them in your request from the client has no effect.

这是因为由服务器指定它接受跨域请求(并且它允许 Content-Type 请求标头,等等)——客户端无法决定给定服务器本身应该允许 CORS.

This is because it is up to the server to specify that it accepts cross-origin requests (and that it permits the Content-Type request header, and so on) – the client cannot decide for itself that a given server should allow CORS.

相关文章