$http post 请求未添加指定 headers
$http post request is not adding specified headers
我正在使用 $http 向我的服务器发出请求到我的后端以进行登录,但即使在正确指定 headers 之后它的 pre-flighting 我的请求并且还添加了 headers 我也没问过。
这是我向服务器发出的请求
$http({
method: 'POST',
url: 'http://localhost:8080/SignInMainServlet',
data: $httpParamSerializerJQLike({
login_source: source,
accessToken: code,
referrer_code: referral_id
}),
headers: { 'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8' }
});
这是我处理请求的服务器代码
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
REFERRAL_CODE_COUNT++;
String referrer_code=request.getParameter("referrer_code");
String login_source=request.getParameter("login_source");
String accessToken=request.getParameter("accessToken");
SignInMainManager m = new SignInMainManager(accessToken, referrer_code, login_source,REFERRAL_CODE_COUNT);
String result = m.signIn();
response.setContentType("text/html");
response.addHeader("Access-Control-Allow-Origin","*");
response.addHeader("Access-Control-Allow-Methods","POST");
response.addHeader("Access-Control-Allow-Headers","Content-Type");
PrintWriter out = response.getWriter();
out.println(result);
out.close();//closing the stream
}
这是浏览器控制台显示的错误
XMLHttpRequest cannot load http://localhost:8080/SignInMainServlet. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.
这是 chrome 上 xhr 调用的请求、响应和一般情况
// Request//
OPTIONS /SignInMainServlet HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.76 Mobile Safari/537.36
Access-Control-Request-Headers: authorization
Accept: */*
Referer: http://localhost:3000/
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
//Response//
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 10:44:57 GMT
Allow: POST, TRACE, OPTIONS
Content-Length: 0
Server: Jetty(8.1.14.v20131031)
//General//
Request URL:http://localhost:8080/SignInMainServlet
Request Method:OPTIONS
Status Code:200 OK
Remote Address:127.0.0.1:8080
卡在这里一天了。真的需要帮助!!
我看到你在使用 authentification。我相信您的预检请求不起作用,因为您错过了 CORS 中的一些配置。这样,您的预检请求就会中止。像这样设置您的 CORS:
response.addHeader("Access-Control-Allow-Origin","*");
response.addHeader("Access-Control-Allow-Methods","GET, POST, OPTIONS");
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addHeader("Access-Control-Allow-Headers","Origin, Content-Type, X-Auth-Token , Authorization");
最重要的是您只配置了一个 protected void doPost() 侦听器。这样,预检 OPTIONS 请求就没有配置 CORS,因为它在 doOptions() 上侦听。添加一个 doOptions() 侦听器并将您的 CORS 配置放入其中或定义您的 response CORS 全局。
有些想法是这样的:
protected void doOptions(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.addHeader("Access-Control-Allow-Origin","*");
response.addHeader("Access-Control-Allow-Methods","GET, POST, OPTIONS");
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addHeader("Access-Control-Allow-Headers","Origin, Content-Type, X-Auth-Token , Authorization");
PrintWriter out = response.getWriter();
out.close();//closing the stream
}
我正在使用 $http 向我的服务器发出请求到我的后端以进行登录,但即使在正确指定 headers 之后它的 pre-flighting 我的请求并且还添加了 headers 我也没问过。
这是我向服务器发出的请求
$http({
method: 'POST',
url: 'http://localhost:8080/SignInMainServlet',
data: $httpParamSerializerJQLike({
login_source: source,
accessToken: code,
referrer_code: referral_id
}),
headers: { 'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8' }
});
这是我处理请求的服务器代码
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
REFERRAL_CODE_COUNT++;
String referrer_code=request.getParameter("referrer_code");
String login_source=request.getParameter("login_source");
String accessToken=request.getParameter("accessToken");
SignInMainManager m = new SignInMainManager(accessToken, referrer_code, login_source,REFERRAL_CODE_COUNT);
String result = m.signIn();
response.setContentType("text/html");
response.addHeader("Access-Control-Allow-Origin","*");
response.addHeader("Access-Control-Allow-Methods","POST");
response.addHeader("Access-Control-Allow-Headers","Content-Type");
PrintWriter out = response.getWriter();
out.println(result);
out.close();//closing the stream
}
这是浏览器控制台显示的错误
XMLHttpRequest cannot load http://localhost:8080/SignInMainServlet. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.
这是 chrome 上 xhr 调用的请求、响应和一般情况
// Request//
OPTIONS /SignInMainServlet HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.76 Mobile Safari/537.36
Access-Control-Request-Headers: authorization
Accept: */*
Referer: http://localhost:3000/
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
//Response//
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 10:44:57 GMT
Allow: POST, TRACE, OPTIONS
Content-Length: 0
Server: Jetty(8.1.14.v20131031)
//General//
Request URL:http://localhost:8080/SignInMainServlet
Request Method:OPTIONS
Status Code:200 OK
Remote Address:127.0.0.1:8080
卡在这里一天了。真的需要帮助!!
我看到你在使用 authentification。我相信您的预检请求不起作用,因为您错过了 CORS 中的一些配置。这样,您的预检请求就会中止。像这样设置您的 CORS:
response.addHeader("Access-Control-Allow-Origin","*");
response.addHeader("Access-Control-Allow-Methods","GET, POST, OPTIONS");
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addHeader("Access-Control-Allow-Headers","Origin, Content-Type, X-Auth-Token , Authorization");
最重要的是您只配置了一个 protected void doPost() 侦听器。这样,预检 OPTIONS 请求就没有配置 CORS,因为它在 doOptions() 上侦听。添加一个 doOptions() 侦听器并将您的 CORS 配置放入其中或定义您的 response CORS 全局。
有些想法是这样的:
protected void doOptions(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.addHeader("Access-Control-Allow-Origin","*");
response.addHeader("Access-Control-Allow-Methods","GET, POST, OPTIONS");
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addHeader("Access-Control-Allow-Headers","Origin, Content-Type, X-Auth-Token , Authorization");
PrintWriter out = response.getWriter();
out.close();//closing the stream
}