CORS & OPTIONS & preflight request
CORS & OPTIONS
preflight request
- CORS 原理
CORS跨域的原理实际上是浏览器与服务器通过一些HTTP协议头来做一些约定和限制
- OPTIONS 应用场景
https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
preflighted requests & simple requests
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Simple_requests
https://dev.to/effingkay/cors-preflighted-requests--options-method-3024
demos
- GET & application/json === OPTION
const getData = (url = ``) => {
// Default options are marked with *
return fetch(url, {
cache: "no-cache", // *default, no-cache, reload, force-cache, only-if-cached
credentials: "same-origin", // include, same-origin, *omit
headers: {
// "user-agent": "Mozilla/4.0 MDN Example",
"Content-Type": "application/json",
// "Content-Type": "text/plain",
// "Content-Type": "text/plain",
},
method: "GET", // *GET, POST, PUT, DELETE, etc.
mode: "cors", // no-cors, cors, *same-origin
redirect: "follow", // manual, *follow, error
referrer: "no-referrer", // *client, no-referrer
})
.then(response => response.json()) // parses response to JSON
.then(json => {
// json
console.log(`json =`, JSON.stringify(json, null, 4));
return json;
})
.catch(err => console.error(`error =`, err));
};
getData(`https://cdn.xgqfrms.xyz/json/data.json`);
- GET & text/plain !== OPTION
const getData = (url = ``) => {
// Default options are marked with *
return fetch(url, {
cache: "no-cache", // *default, no-cache, reload, force-cache, only-if-cached
credentials: "same-origin", // include, same-origin, *omit
headers: {
// "user-agent": "Mozilla/4.0 MDN Example",
// "Content-Type": "application/json",
"Content-Type": "text/plain",
// "Content-Type": "text/plain",
},
method: "GET", // *GET, POST, PUT, DELETE, etc.
mode: "cors", // no-cors, cors, *same-origin
redirect: "follow", // manual, *follow, error
referrer: "no-referrer", // *client, no-referrer
})
.then(response => response.json()) // parses response to JSON
.then(json => {
// json
console.log(`json =`, JSON.stringify(json, null, 4));
return json;
})
.catch(err => console.error(`error =`, err));
};
getData(`https://cdn.xgqfrms.xyz/json/data.json`);
- POST & application/json === OPTION
const postData = (url = ``, data = {}) => {
// Default options are marked with *
return fetch(url, {
body: JSON.stringify(data), // must match "Content-Type" header
cache: "no-cache", // *default, no-cache, reload, force-cache, only-if-cached
credentials: "same-origin", // include, same-origin, *omit
headers: {
// "user-agent": "Mozilla/4.0 MDN Example",
"Content-Type": "application/json",
// "Content-Type": "text/plain",
// "Content-Type": "text/plain",
},
method: "POST", // *GET, POST, PUT, DELETE, etc.
mode: "cors", // no-cors, cors, *same-origin
redirect: "follow", // manual, *follow, error
referrer: "no-referrer", // *client, no-referrer
})
.then(response => response.json()) // parses response to JSON
.then(json => {
// json
console.log(`json =`, JSON.stringify(json, null, 4));
return json;
})
.catch(err => console.error(`error =`, err));
};
postData(`https://cdn.xgqfrms.xyz/json/data.json`, {});
- POST & application/x-www-form-urlencoded !== OPTION
const postData = (url = ``, data = {}) => {
// Default options are marked with *
return fetch(url, {
body: data, // must match "Content-Type" header
cache: "no-cache", // *default, no-cache, reload, force-cache, only-if-cached
credentials: "same-origin", // include, same-origin, *omit
headers: {
// "user-agent": "Mozilla/4.0 MDN Example",
// "Content-Type": "application/json",
"Content-Type": "application/x-www-form-urlencoded",
// "Content-Type": "text/plain",
},
method: "POST", // *GET, POST, PUT, DELETE, etc.
mode: "cors", // no-cors, cors, *same-origin
redirect: "follow", // manual, *follow, error
referrer: "no-referrer", // *client, no-referrer
})
.then(response => response.json()) // parses response to JSON
.then(json => {
// json
console.log(`json =`, JSON.stringify(json, null, 4));
return json;
})
.catch(err => console.error(`error =`, err));
};
postData(`https://cdn.xgqfrms.xyz/json/data.json`, `key=value`);
xgqfrms 2012-2020
www.cnblogs.com 发布文章使用:只允许注册用户才可以访问!
CORS & OPTIONS & preflight request的更多相关文章
- has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
前端显示: has been blocked by CORS policy: Response to preflight request doesn't pass access control che ...
- CORS跨域带来的preflight request
CORS跨域带来的preflight request https://blog.csdn.net/baidu_35407267/article/details/79043515 HTTPS://blo ...
- Cross-origin resource sharing JSON with Padding 同源策略 JSONP 为什么form表单提交没有跨域问题,但ajax提交有跨域问题? XMLHttpRequest and the Fetch API follow the same-origin policy 预检请求(preflight request)
https://zh.wikipedia.org/wiki/跨来源资源共享 跨来源资源共享(CORS)是一份浏览器技术的规范,提供了 Web 服务从不同域传来沙盒脚本的方法,以避开浏览器的同源策略[1 ...
- CORS OPTIONS
CORS OPTIONS A CORS preflight request is a CORS request that checks to see if the CORS protocol is u ...
- .Net Core 处理跨域问题Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource
网页请求报错: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Or ...
- Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' heade
XMLHttpRequest cannot load http://10.164.153.37:8050/WebService/WebService.asmx/wsGetStreetData. Res ...
- preflight request预检请求
preflight request预检请求,负责检查是否允许跨域请求,但是注意并不是所有的跨域请求都会发送preflight请求.对与那些幂等的请求,如GET请求,就不会发送preflight请求.只 ...
- ajax post上传数据时,前端出现的跨域权限问题:ccess to XMLHttpRequest at ‘’rom origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok st
本人前端使用多个框架时,jq ajax传参出现如下报错: 最后发现,可能是xhr的相关默认参数被修改了.顾使用jq 传参时,一直报错,jq ajax额外添加的关键参数: crossDomain: ...
- 跨域请求错误: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource
今天在学习Angular 的HttpInterceptor 拦截器时,发现添加了新的headers键值之后总是报跨域错误.后台使用的是asp.net core. 检查发现,在添加了新的header之后 ...
随机推荐
- makefile自动生成学习
https://www.cnblogs.com/jrglinux/p/6964169.html 关键是如何写Makefile.am 其他的交给 自动工具完成 添加一个 很好的博客 学习下 https ...
- java生成xls
------------------------------------------------------初始化xls操纵类-------- import java.io.File; import ...
- php开发扩展环境的搭建(Windows)
php开发扩展环境的搭建(Windows) 前期准备: (1) 下载php-5.3.10源码包(php-5.3.10.tar.bz2)并解压到C:\php-5.3.10:下载二进制包php-5.3.1 ...
- 使用VMware WorkStation虚拟机软件安装CentOS 8
使用VMware WorkStation虚拟机软件安装CentOS 8 说明:本章我们使用的虚拟机软件是VMware WorkStation15.5 PRO,镜像包是CentOS-8.2.2004-x ...
- Python基础随笔①(MOOC)
@ 目录 前言 概述 主体 1.基本语法元素 ①实例:温度转换 要求 分析 代码部分 运行结果 ②作业:Hello World的条件输出 要求 分析 代码 运行结果 ③作业:数值运算 要求 分析 代码 ...
- vue后台管理系统遇到的注意事项以及总结
地址栏加#号问题:Vue-router 中有hash模式和history模式,vue的路由默认是hash模式,一般开发的单页应用的URL都会带有#号的hash模式第一步在router/index.js ...
- jmespath(1)基础语法
前言 JMESPath是JSON的查询语言.您可以从JSON文档中提取和转换元素 官方文档:https://jmespath.org/tutorial.html 基本表达式 JMESPath用的最多的 ...
- Codeforces Round #602 Div2 D1. Optimal Subsequences (Easy Version)
题意:给你一个数组a,询问m次,每次返回长度为k的和最大的子序列(要求字典序最小)的pos位置上的数字. 题解:和最大的子序列很简单,排个序就行,但是题目要求字典序最小,那我们在刚开始的时候先记录每个 ...
- hdu4533 威威猫系列故事——晒被子
Problem Description 因为马拉松初赛中吃鸡腿的题目让不少人抱憾而归,威威猫一直觉得愧对大家,这几天他悄悄搬到直角坐标系里去住了. 生活还要继续,太阳也照常升起,今天,威威猫在第一象限 ...
- poj1787 Charlie's Change
Description Charlie is a driver of Advanced Cargo Movement, Ltd. Charlie drives a lot and so he ofte ...