根据文档https://developer.mozilla.org/en/docs/Web/HTTP/Access_control_CORS),对于简单请求不应发生预检。角度CORS简单请求在POST中使用授权标题触发预检
这的确是这样的,如果我不把在请求中附加的“授权”标头:
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic _base64_string_"
没有“授权”标头:
:authority:www.target.com
:method:POST //<----------------This is correct
:path:/oauth2/access_token?client_id=xxx-xxx
:scheme:https
accept:application/json, text/plain, */*
accept-encoding:gzip, deflate, br
accept-language:en-US,en;q=0.8,fr;q=0.6
content-length:79
content-type:application/x-www-form-urlencoded//<----------------This is correct
origin:http://source.com:4200
referer:http://source.com:4200/
随着“授权”头,OPTIONS方法自动设置:
:authority:www.target.com
:method:OPTIONS //<----------------This is NOT correct, caused by Authorization header
:path:/oauth2/access_token?client_id=xxx-xxx
:scheme:https
accept:*/*
accept-encoding:gzip, deflate, sdch, br
accept-language:en-US,en;q=0.8,fr;q=0.6
access-control-request-headers:authorization
access-control-request-method:POST
origin:http://source.com:4200
referer:http://source.com:4200/
由于这个问题,我无法au使我的应用程序,服务器响应是:
HTTP method 'OPTIONS' is not allowed. Expected 'POST'
所以看起来“授权”标题触发在CORS预检。 任何人都可以对此有所了解吗?
我期望以某种方式能够避免仅使用后端服务器或代理服务器的初始请求。所有后续请求都会通过,只有这一个导致问题(不,我没有访问服务器,它只是一个API访问)。不管怎样,谢谢你 ! –