CORS & OPTIONS & preflight request
CORS & OPTIONS
preflight request
- CORS 原理
CORS跨域的原理实际上是浏览器与服务器通过一些HTTP协议头来做一些约定和限制
- OPTIONS 应用场景
https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
preflighted requests & simple requests
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Simple_requests
https://dev.to/effingkay/cors-preflighted-requests--options-method-3024
demos
- GET & application/json === OPTION
const getData = (url = ``) => {
// Default options are marked with *
return fetch(url, {
cache: "no-cache", // *default, no-cache, reload, force-cache, only-if-cached
credentials: "same-origin", // include, same-origin, *omit
headers: {
// "user-agent": "Mozilla/4.0 MDN Example",
"Content-Type": "application/json",
// "Content-Type": "text/plain",
// "Content-Type": "text/plain",
},
method: "GET", // *GET, POST, PUT, DELETE, etc.
mode: "cors", // no-cors, cors, *same-origin
redirect: "follow", // manual, *follow, error
referrer: "no-referrer", // *client, no-referrer
})
.then(response => response.json()) // parses response to JSON
.then(json => {
// json
console.log(`json =`, JSON.stringify(json, null, 4));
return json;
})
.catch(err => console.error(`error =`, err));
};
getData(`https://cdn.xgqfrms.xyz/json/data.json`);
- GET & text/plain !== OPTION
const getData = (url = ``) => {
// Default options are marked with *
return fetch(url, {
cache: "no-cache", // *default, no-cache, reload, force-cache, only-if-cached
credentials: "same-origin", // include, same-origin, *omit
headers: {
// "user-agent": "Mozilla/4.0 MDN Example",
// "Content-Type": "application/json",
"Content-Type": "text/plain",
// "Content-Type": "text/plain",
},
method: "GET", // *GET, POST, PUT, DELETE, etc.
mode: "cors", // no-cors, cors, *same-origin
redirect: "follow", // manual, *follow, error
referrer: "no-referrer", // *client, no-referrer
})
.then(response => response.json()) // parses response to JSON
.then(json => {
// json
console.log(`json =`, JSON.stringify(json, null, 4));
return json;
})
.catch(err => console.error(`error =`, err));
};
getData(`https://cdn.xgqfrms.xyz/json/data.json`);
- POST & application/json === OPTION
const postData = (url = ``, data = {}) => {
// Default options are marked with *
return fetch(url, {
body: JSON.stringify(data), // must match "Content-Type" header
cache: "no-cache", // *default, no-cache, reload, force-cache, only-if-cached
credentials: "same-origin", // include, same-origin, *omit
headers: {
// "user-agent": "Mozilla/4.0 MDN Example",
"Content-Type": "application/json",
// "Content-Type": "text/plain",
// "Content-Type": "text/plain",
},
method: "POST", // *GET, POST, PUT, DELETE, etc.
mode: "cors", // no-cors, cors, *same-origin
redirect: "follow", // manual, *follow, error
referrer: "no-referrer", // *client, no-referrer
})
.then(response => response.json()) // parses response to JSON
.then(json => {
// json
console.log(`json =`, JSON.stringify(json, null, 4));
return json;
})
.catch(err => console.error(`error =`, err));
};
postData(`https://cdn.xgqfrms.xyz/json/data.json`, {});
- POST & application/x-www-form-urlencoded !== OPTION
const postData = (url = ``, data = {}) => {
// Default options are marked with *
return fetch(url, {
body: data, // must match "Content-Type" header
cache: "no-cache", // *default, no-cache, reload, force-cache, only-if-cached
credentials: "same-origin", // include, same-origin, *omit
headers: {
// "user-agent": "Mozilla/4.0 MDN Example",
// "Content-Type": "application/json",
"Content-Type": "application/x-www-form-urlencoded",
// "Content-Type": "text/plain",
},
method: "POST", // *GET, POST, PUT, DELETE, etc.
mode: "cors", // no-cors, cors, *same-origin
redirect: "follow", // manual, *follow, error
referrer: "no-referrer", // *client, no-referrer
})
.then(response => response.json()) // parses response to JSON
.then(json => {
// json
console.log(`json =`, JSON.stringify(json, null, 4));
return json;
})
.catch(err => console.error(`error =`, err));
};
postData(`https://cdn.xgqfrms.xyz/json/data.json`, `key=value`);
xgqfrms 2012-2020
www.cnblogs.com 发布文章使用:只允许注册用户才可以访问!
CORS & OPTIONS & preflight request的更多相关文章
- has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
前端显示: has been blocked by CORS policy: Response to preflight request doesn't pass access control che ...
- CORS跨域带来的preflight request
CORS跨域带来的preflight request https://blog.csdn.net/baidu_35407267/article/details/79043515 HTTPS://blo ...
- Cross-origin resource sharing JSON with Padding 同源策略 JSONP 为什么form表单提交没有跨域问题,但ajax提交有跨域问题? XMLHttpRequest and the Fetch API follow the same-origin policy 预检请求(preflight request)
https://zh.wikipedia.org/wiki/跨来源资源共享 跨来源资源共享(CORS)是一份浏览器技术的规范,提供了 Web 服务从不同域传来沙盒脚本的方法,以避开浏览器的同源策略[1 ...
- CORS OPTIONS
CORS OPTIONS A CORS preflight request is a CORS request that checks to see if the CORS protocol is u ...
- .Net Core 处理跨域问题Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource
网页请求报错: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Or ...
- Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' heade
XMLHttpRequest cannot load http://10.164.153.37:8050/WebService/WebService.asmx/wsGetStreetData. Res ...
- preflight request预检请求
preflight request预检请求,负责检查是否允许跨域请求,但是注意并不是所有的跨域请求都会发送preflight请求.对与那些幂等的请求,如GET请求,就不会发送preflight请求.只 ...
- ajax post上传数据时,前端出现的跨域权限问题:ccess to XMLHttpRequest at ‘’rom origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok st
本人前端使用多个框架时,jq ajax传参出现如下报错: 最后发现,可能是xhr的相关默认参数被修改了.顾使用jq 传参时,一直报错,jq ajax额外添加的关键参数: crossDomain: ...
- 跨域请求错误: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource
今天在学习Angular 的HttpInterceptor 拦截器时,发现添加了新的headers键值之后总是报跨域错误.后台使用的是asp.net core. 检查发现,在添加了新的header之后 ...
随机推荐
- 活动精彩实录 | 王峰:Cassandra在360的多场景应用及未来趋势
点击此处观看完整活动视频 大家好,我是360的王峰,我今天主要通过Cassandra在多场景下的应用来介绍一下Cassandra在360落地的情况. 我会从以下这几个方面进行介绍.首先介绍下Cassa ...
- CCF CSP 202012-2 期末预测之最佳阈值
202012-2 期末预测之最佳阈值 题目背景 考虑到安全指数是一个较大范围内的整数.小菜很可能搞不清楚自己是否真的安全,顿顿决定设置一个阈值 θ,以便将安全指数 y 转化为一个具体的预测结果--&q ...
- B 明码
B 明码 :汉字的字形存在于字库中,即便在今天,16点阵的字库也仍然使用广泛. 16点阵的字库把每个汉字看成是16x16个像素信息.并把这些信息记录在字节中. 一个字节可以存储8位信息,用32个字节就 ...
- A - 你能数的清吗 51Nod - 1770
题目: 演演是个厉害的数学家,他最近又迷上了数字谜.... 他很好奇 xxx...xxx(n个x)*y 的答案中 有多少个z,x,y,z均为位数只有一位的整数. 大概解释一下: 22222*3 = ...
- Nestjs入门学习教程
初次接触Nest,有问题欢迎指出: 简介 NestJS是一个用于构建高效.可扩展的Node.js服务器端应用程序的开发框架.简单来说是一款Node.js的后端框架. 它利用JavaScript的渐进增 ...
- ssh配置方面小实验①
注意:sshd_config配置文件有些特殊:注释掉的选项,并不是不生效的,而是默认生效选项.使用某选项时,要先取消注释,再修改为yes或no关于效率和安全的说明:安全:telnet < ssh ...
- nginx实现文件上传和下载
nginx实现文件上传和下载 发布时间:2020-06-05 16:45:27 来源:亿速云 阅读:156 作者:Leah 栏目:系统运维 这篇文章给大家分享的是nginx实现文件上传和下载的方法.小 ...
- 【原创】Linux虚拟化KVM-Qemu分析(九)之virtio设备
背景 Read the fucking source code! --By 鲁迅 A picture is worth a thousand words. --By 高尔基 说明: KVM版本:5.9 ...
- codeforces 6E (非原创)
E. Exposition time limit per test 1.5 seconds memory limit per test 64 megabytes input standard inpu ...
- 全局ID生成--雪花算法
分布式ID常见生成策略: 分布式ID生成策略常见的有如下几种: 数据库自增ID. UUID生成. Redis的原子自增方式. 数据库水平拆分,设置初始值和相同的自增步长. 批量申请自增ID. 雪花算法 ...