Google chrome CORS错误,尽管飞行前响应中存在访问控制允许原点标头
Firefox和Chrome给了我CORS错误,尽管选项响应包含Google chrome CORS错误,尽管飞行前响应中存在访问控制允许原点标头,google-chrome,firefox,cors,Google Chrome,Firefox,Cors,Firefox和Chrome给了我CORS错误,尽管选项响应包含访问控制允许源代码 我很好奇我需要做什么才能让选项飞行前cors检查通过 以下是从两个浏览器复制的请求和响应 % ## FIREFOX % curl -i 'http://localhost:5000/sql/change_document_contents?id=1' -X OPTIONS -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101
访问控制允许源代码
我很好奇我需要做什么才能让选项飞行前cors检查通过
以下是从两个浏览器复制的请求和响应
% ## FIREFOX
% curl -i 'http://localhost:5000/sql/change_document_contents?id=1' -X OPTIONS -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0' -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Access-Control-Request-Method: POST' -H 'Access-Control-Request-Headers: content-type' -H 'Referer: http://localhost:3000/' -H 'Origin: http://localhost:3000' -H 'Connection: keep-alive'
<ol-Request-Headers: content-type' -H 'Referer: http://localhost:3000/' -H 'Origin: http://localhost:3000' -H 'Connection: keep-alive'
HTTP/1.0 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Server: Werkzeug/1.0.1 Python/3.9.5
Date: Sat, 29 May 2021 06:08:59 GMT
%
% ## CHROME
% curl 'http://localhost:5000/sql/change_document_contents?id=1' \
-i \
-X 'OPTIONS' \
-H 'Connection: keep-alive' \
-H 'Accept: */*' \
-H 'Access-Control-Request-Method: POST' \
-H 'Access-Control-Request-Headers: content-type' \
-H 'Origin: http://localhost:3000' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36' \
-H 'Sec-Fetch-Mode: cors' \
-H 'Sec-Fetch-Site: same-site' \
-H 'Sec-Fetch-Dest: empty' \
-H 'Referer: http://localhost:3000/' \
-H 'Accept-Language: en-US,en;q=0.9' \
--compressed
HTTP/1.0 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Server: Werkzeug/1.0.1 Python/3.9.5
Date: Sat, 29 May 2021 06:12:11 GMT
%##FIREFOX
%卷曲-我是http://localhost:5000/sql/change_document_contents?id=1'-X选项-H'用户代理:Mozilla/5.0(X11;Linux x86_64;rv:88.0)Gecko/20100101 Firefox/88.0'-H'接受:*/*'-H'接受语言:en-US,en;q=0.5'--compressed-H'访问控制请求方法:POST'-H'访问控制请求头:内容类型'-H'引用:http://localhost:3000/“-H”来源:http://localhost:3000“-H”连接:保持活动”
响应缺少访问控制允许标头
标头。事后看来,Chrome的错误消息有点指向这一点
要修复此问题,请在响应中添加Access Control Allow Headers:Content Type
。请解释否决票。。许多参考资料仅解释访问控制允许源标题。这让我相信其他标题没有影响,我现在知道这是错误的。也没有任何好的资源来解释Chrome的错误代码。此外,这里的大多数其他答案只是说“使用xyz库”,这并不能解释为什么使用Allow Origin头是不够的。