Javascript 飞行前响应中的访问控制允许标头不允许XMLHttpRequest请求标头字段邮递员令牌
我正在尝试访问smartthings API,以便在本地控制设备。当我使用以下chrome扩展时,它确实可以工作,但是我不想依赖这样的东西: 当我不使用扩展名时,出现以下错误:Javascript 飞行前响应中的访问控制允许标头不允许XMLHttpRequest请求标头字段邮递员令牌,javascript,jquery,rest,http,cors,Javascript,Jquery,Rest,Http,Cors,我正在尝试访问smartthings API,以便在本地控制设备。当我使用以下chrome扩展时,它确实可以工作,但是我不想依赖这样的东西: 当我不使用扩展名时,出现以下错误: Access to XMLHttpRequest at 'https://api.smartthings.com/v1/devices/XXXX- XXXX-XXXX/commands'from origin 'http://localhost:8080' has been blocked by CORS policy
Access to XMLHttpRequest at 'https://api.smartthings.com/v1/devices/XXXX-
XXXX-XXXX/commands'from origin 'http://localhost:8080' has been blocked by
CORS policy: Request header field postman-token is not
allowed by Access-Control-Allow-Headers in preflight response.
我一直在试图理解CORS,以及我被“拒绝”的原因,但我感到困惑的是,我的响应/请求头似乎是正确的。
以下是请求和响应标题:
GENERAL
Request URL: https://api.smartthings.com/v1/devices/XXXX-XXXX-XXXX/commands
Request Method: OPTIONS
Status Code: 204 No Content
Remote Address: 1x.xxx.1xx.xx:xxx
Referrer Policy: no-referrer-when-downgrade
RESPONSE HEADERS
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Accept,Authorization,X-ST-Client,X-ST-Api-Version,X-ST-Client-AppVersion,X-ST-Client-OS,X-ST-Client-DeviceModel
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1728000
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain charset=UTF-8
Date: Tue, 06 Aug 2019 16:19:52 GMT
Server: openresty
REQUEST HEADERS
Provisional headers are shown
Access-Control-Request-Headers: authorization,cache-control,content-type,postman-token
Access-Control-Request-Method: POST
Origin: http://localhost:8080
Referer: http://localhost:8080/compare/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/xxx.xx (KHTML, like Gecko) Chrome/xx.x.xxxx.xxx Safari/xxx.xx
我对此感到困惑的是smartthings的响应似乎允许*,这让我觉得我不应该收到这个错误。然而,我对如何编辑/调整这些标题有点困惑,本质上我想做chrome扩展正在做的事情?以下是我调用smartthings API的方式:
function APIAWAY(){
var settings = {
"async": true,
"crossDomain": true,
"url": "https://api.smartthings.com/v1/devices/XXX-XXXX/commands",
"method": "POST",
"headers": {
"Authorization": "Bearer XXXX-XXXX-XXXX",
"Content-Type": "application/json",
"Accept": "*/*",
"Cache-Control": "no-cache",
"Postman-Token": "XXXX-XXXX-XXXX",
"cache-control": "no-cache"
},
"processData": false,
"data": "{\r\n\"commands\": [\r\n{\r\n\"component\": \"main\",\r\n\"capability\": \"switch\",\r\n\"command\": \"on\"\r\n}\r\n]\r\n}"
}
$.ajax(settings).done(function (response) {
console.log(response);
});
}
这样做-
function APIAWAY(){
var settings = {
"async": true,
"crossDomain": true,
"url": "https://api.smartthings.com/v1/devices/XXX-XXXX/commands",
"method": "POST",
"headers": {
"Authorization": "Bearer XXXX-XXXX-XXXX",
"Content-Type": "application/json",
"Accept": "*/*",
"Cache-Control": "no-cache",
"cache-control": "no-cache"
},
"processData": false,
"data": "{\r\n\"commands\": [\r\n{\r\n\"component\": \"main\",\r\n\"capability\": \"switch\",\r\n\"command\": \"on\"\r\n}\r\n]\r\n}"
}
$.ajax(settings).done(function (response) {
console.log(response);
});
}
问题是您正在添加服务器不接受的
邮递员令牌
标头。使用而不是“写入”您自己的JSON。请求被阻止的原因是:“请求标头字段邮递员令牌
不被飞行前响应中的访问控制允许标头
所允许”@Andreas非常感谢,这么简单的解决方案!新的这种类型的发展和感谢的帮助!