为什么 CORS 似乎不能与 POST 一起使用？

发布于 2024-08-27 14:05:00 字数 1378 浏览 9 评论 0原文

Mozilla 自己的规范表示简单的 GET 或 POST 应该是原生 CORS，无需预检，但到目前为止，我所做的每一次 POST 尝试都会导致 OPTIONS 标头消失。当我将其从 POST 更改为获取代码时，立即发送正确的 GET 请求，因此跨站点部分工作正常。

这是我在 Firefox 中所做的精简示例：

 var destinationUrl = 'http://imaginarydevelopment.com/postURL';
 var invocation = new XMLHttpRequest();
            if (invocation) {
                invocation.open('POST', destinationUrl, true);
                //tried with and without this line
                //invocation.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');

                invocation.onreadystatechange = (function Handler() {
                if (invocation.readyState == 4)
                        alert('Request made');
                });
                invocation.send(/* tried with and without data*/);
            }

这是我在 chrome 和 IE 中已经完成的工作：

var destinationUrl = 'http://imaginarydevelopment.com/postURL';
var destination = { url: destinationUrl, type: 'POST', success: AjaxSuccess, error: AjaxError,
            dataType: 'text', contentType: 'application/x-www-form-urlencoded'
        };
  destination.data = { 'rows': rowList, 'token': token };
            $jq.ajax(destination);

原文

Mozilla's own specification says simple GET or POST should be natively CORS's without preflighting but so far every POST attempt I've made has resulted in an OPTIONS header going out. When I change it from POST to get the code immediately sends a proper GET request so the cross site part is working fine.

Here's a slimmed down sample of what I'm doing in firefox:

 var destinationUrl = 'http://imaginarydevelopment.com/postURL';
 var invocation = new XMLHttpRequest();
            if (invocation) {
                invocation.open('POST', destinationUrl, true);
                //tried with and without this line
                //invocation.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');

                invocation.onreadystatechange = (function Handler() {
                if (invocation.readyState == 4)
                        alert('Request made');
                });
                invocation.send(/* tried with and without data*/);
            }

Here's what I already had working in chrome and IE:

var destinationUrl = 'http://imaginarydevelopment.com/postURL';
var destination = { url: destinationUrl, type: 'POST', success: AjaxSuccess, error: AjaxError,
            dataType: 'text', contentType: 'application/x-www-form-urlencoded'
        };
  destination.data = { 'rows': rowList, 'token': token };
            $jq.ajax(destination);

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

秋千易 2024-09-03 14:05:00

我有同样的问题

https://developer.mozilla.org/En/HTTP_Access_Control

说enctype 必须是文本/纯文本或者您需要使用 Fx4+
所有访问标头必须正确设置

回复收藏 0 原文

神仙妹妹 2024-09-03 14:05:00

好吧，我不知道所有 contentTypes 实际上都在做什么，但 text/plain 在所有 3 个浏览器上都起作用：

var destination = { url: destinationUrl, type: 'POST', success: AjaxSuccess, error: AjaxError,
             contentType: 'text/plain'
        };
var postData={ 'anArray': theArray, 'token': token };
            destination.data=JSON.stringify(postData);

$jq.ajax(destination);

但是到目前为止，我还没有弄清楚除了运行 success 方法之外是什么阻止了请求执行任何操作即使返回 505 代码。添加Access-Control-Allow-Origin: *响应头解决了浏览器不想读取返回数据的问题。

well, I don't know what all contentTypes actually work but text/plain does on all 3 browsers:

var destination = { url: destinationUrl, type: 'POST', success: AjaxSuccess, error: AjaxError,
             contentType: 'text/plain'
        };
var postData={ 'anArray': theArray, 'token': token };
            destination.data=JSON.stringify(postData);

$jq.ajax(destination);

However so far I haven't figured out what's stopping the request from doing anything besides running the success method even when a 505 code is returned. Adding a response header of Access-Control-Allow-Origin: * solved the browser not wanting to read the return data.

回复收藏 0 原文

~没有更多了~