How to solve a CORS preflight error in a REST API
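We have two sites on one server. We created a REST API, and the API back-end code is on Site1.com.
On the second site, there is a front end that sends requests to the first site's APIs.
But we get a 405 error and this error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://site1.com/t.php. (Reason: CORS preflight response did not succeed)
.htaccess on Site1.com: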
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
</IfModule>
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/ [R=301,L]
API code at Site1.com/t.php:
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Methods: POST");
header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
echo json_encode($_POST, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
Browser console:
OPTIONS
scheme : http
host : Site1.com
filename : /t.php
Address : ***.8.173.***:80
Status : 405 Method Not Allowed
Version : HTTP/1.1
Transferred : 431 B (0 B size)
Access-Control-Allow-Headers : x-requested-with, Content-Type, origin, authorization, accept, client-security-token
Access-Control-Allow-Methods : POST, GET, OPTIONS, DELETE, PUT
Access-Control-Allow-Origin : *
Allow :
Connection : Keep-Alive
Content-Length : 230
Content-Type : text/html; charset=iso-8859-1
Date : Mon, 28 Sep 2020 12:19:28 GMT
Keep-Alive : timeout=2, max=99
Server : Apache/2

Accept : */*
Accept-Encoding : gzip, deflate
Accept-Language : en-US,en;q=0.5
Access-Control-Request-Headers : content-type
Access-Control-Request-Method : POST
Connection : keep-alive
Host : Site2.com
Origin : http://Site2.com
Referer : http://Site2.com/
User-Agent : Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0
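There are two sides to this problem:
1- front-end :
In your front-end JS request, you should make sure that you send the data as form data.
2- back-end :
In your back-end code, you should use the $_POST global directly instead of json_decode(file_get_contents("php://input"), true).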
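Added example (not part of the original question or answer): the request body's Content-Type decides whether the browser sends the OPTIONS preflight that returned 405 in the console output above. This JavaScript sketch applies a simplified form of the Fetch standard's rules; the function name `preflightFor` and the sample requests are constructed for illustration.

```javascript
// Simplified CORS-preflight test from the Fetch standard (added example).
// Not covered: header value length limits, Range, upload listeners, stream bodies.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);

// Return the MIME essence of a Content-Type value ("a/b; charset=x" -> "a/b").
function mimeEssence(value) {
  return String(value).split(";")[0].trim().toLowerCase();
}

// headers: plain object of the request headers set by the page's script.
function preflightFor(method, headers = {}) {
  const unsafeHeaders = [];
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (SAFE_HEADERS.has(lower)) continue;
    if (lower === "content-type" && SAFE_CONTENT_TYPES.has(mimeEssence(value))) continue;
    unsafeHeaders.push(lower);
  }
  unsafeHeaders.sort(); // the browser sends the names lowercased and sorted
  const m = method.toUpperCase();
  const needed = !SAFE_METHODS.has(m) || unsafeHeaders.length > 0;
  if (!needed) return { needed, optionsHeaders: null };

  // Headers the browser puts on the OPTIONS request it sends first.
  const optionsHeaders = { "Access-Control-Request-Method": m };
  if (unsafeHeaders.length > 0) {
    optionsHeaders["Access-Control-Request-Headers"] = unsafeHeaders.join(",");
  }
  return { needed, optionsHeaders };
}

// Constructed sample requests.
const jsonPost = preflightFor("POST", { "Content-Type": "application/json" });
const formPost = preflightFor("POST", {
  "Content-Type": "application/x-www-form-urlencoded",
});
const tokenGet = preflightFor("GET", { Authorization: "Bearer <placeholder>" });
console.log({ jsonPost, formPost, tokenGet });
```

A request reported as needing no preflight is still delivered to and processed by the server; CORS only decides whether the calling page may read the response.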