jQuery CORS 内容类型选项
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12320467/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
jQuery CORS Content-type OPTIONS
提问by Alex Ivasyuv
I have issue with sending AJAX body request using jQuery CORS with custom Content-type. Here's my code:
我在使用带有自定义内容类型的 jQuery CORS 发送 AJAX 正文请求时遇到问题。这是我的代码:
$.ajax({
url: "http://some-other-domain/my-path",
type: "POST",
contentType: "application/json",
dataType: "json",
data: JSON.stringify({
key: 1,
key2: 2
}),
statusCode: {
200: function(data) {
}
},
xhrFields: {
withCredentials: true
},
crossDomain: true
});
I need to set Content-type as "application/json" as it's require server side. But instead of sending request as POST jQuery sends it's as OPTIONS.
我需要将 Content-type 设置为“application/json”,因为它需要服务器端。但不是像 POST 那样发送请求,jQuery 将它作为 OPTIONS 发送。
Here's a headers:
这是一个标题:
Response Headers:
响应头:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 03:00:00 EET
Set-Cookie: JSESSIONID=BB9D6783E58FB0F2ADE1924A2F0CBA52; Path=/
Content-Type: text/html;charset=UTF-8
Content-Length: 6233
Date: Fri, 07 Sep 2012 14:41:13 GMT
Request Headers:
请求头:
OPTIONS /my-path HTTP/1.1
Host: MY-HOME-NAME
User-Agent: MY_USER_AGEMT
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Origin: HERE-GOES-DOMAIN
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Pragma: no-cache
Cache-Control: no-cache
CORS works great, all required headers are sends by server, but not if it sends by OPTIONS type. Is it jQuery issue?
CORS 工作得很好,所有必需的标头都是由服务器发送的,但如果它是通过 OPTIONS 类型发送的,则不会。是 jQuery 的问题吗?
jQuery - 1.8.1
jQuery - 1.8.1
回答by monsur
This OPTIONS request is the CORS preflight request. It is a request that is sent to the server before the actual request in order to ask permissions to make the request. The custom Content-Type is in fact triggering the preflight. According to the CORS spec (http://www.w3.org/TR/cors/), any Content-Type otherthan application/x-www-form-urlencoded, multipart/form-data, or text/plain triggers the preflight.
此 OPTIONS 请求是 CORS 预检请求。它是在实际请求之前发送到服务器的请求,以请求发出请求的权限。自定义 Content-Type 实际上触发了预检。根据CORS规范(http://www.w3.org/TR/cors/),任何内容类型其他比应用程序/ x-WWW窗体-urlencoded,多部分/格式数据,或文本/无格式触发器飞行前。
If you have no control over the remote server, then you'll need to either ask them to support CORS preflight, or try some other option such as JSON-P.
如果您无法控制远程服务器,那么您需要要求他们支持 CORS 预检,或者尝试其他一些选项,例如 JSON-P。
If you do have control over the remote server, you can change it to handle preflights. In order to handle a preflight request, you should send the following headers in the response to the OPTIONS request:
如果您确实可以控制远程服务器,则可以将其更改为处理预检。为了处理预检请求,您应该在对 OPTIONS 请求的响应中发送以下标头:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: Content-Type
The response should be an HTTP 200. The Access-Control-Allow-Methodsresponse header can either echo the value of the Access-Control-Request-Method, or it can just be GET, POST, PUT, DELETEto support all methods. The Access-Control-Allow-Headersresponse header should echo the values in the Access-Control-Request-Headersrequest header.
响应应该是 HTTP 200。Access-Control-Allow-Methods响应头可以回显 的值Access-Control-Request-Method,也可以只是GET, POST, PUT, DELETE支持所有方法。的Access-Control-Allow-Headers响应报头应在呼应值Access-Control-Request-Headers请求头。
Once the browser receives those headers, it will make the actual request. You can learn more about CORS preflight requests here:
一旦浏览器收到这些标头,它就会发出实际的请求。您可以在此处了解有关 CORS 预检请求的更多信息:
