自定义 headers 未添加到请求 object
custom headers are not added to Request object
我正在尝试使用 fetch
api。
首先我创建一个 new Headers()
object:
var oHeaders = new Headers({
'Accept': 'application/json',
'Content-Type': 'application/json',
"X-DocuSign-Authentication": '{"Username":"xxx","Password":"xxx","IntegratorKey":"xxx"}'
})
在实例化 headers 之后,如果我尝试记录 headers,一切都是正确的。
oHeaders.forEach(function(v){console.log(v)})
//logs: 2 application/json {"Username":"xxx","Password":"xxx","IntegratorKey":"xxx"}
我创建请求 object:
var oReq = new Request('https://eu.docusign.net/restapi/v2/login_information', {
method: 'GET',
headers: oHeaders,
mode: 'no-cors',
});
如果我尝试记录请求 object 的 header,只有 accept
header 会在那里。
oReq.headers.forEach(function(v){console.log(v)})
//logs: application/json
如果我尝试 fetch(oReq)
我会得到 401 unauthorized
响应。
是什么让 header 消失了?
当您为请求设置 mode: 'no-cors'
时,浏览器将不允许您设置除 CORS-safelisted request-headers. See the spec requirements 之外的任何请求 header:
To append a name/value (name/value) pair to a Headers
object (headers), run these steps:
- Otherwise, if guard is "
request-no-cors
" and name/value is not a CORS-safelisted request-header, return.
在该算法中,return
等同于“return 而不是将 header 添加到 Headers object”。
我正在尝试使用 fetch
api。
首先我创建一个 new Headers()
object:
var oHeaders = new Headers({
'Accept': 'application/json',
'Content-Type': 'application/json',
"X-DocuSign-Authentication": '{"Username":"xxx","Password":"xxx","IntegratorKey":"xxx"}'
})
在实例化 headers 之后,如果我尝试记录 headers,一切都是正确的。
oHeaders.forEach(function(v){console.log(v)})
//logs: 2 application/json {"Username":"xxx","Password":"xxx","IntegratorKey":"xxx"}
我创建请求 object:
var oReq = new Request('https://eu.docusign.net/restapi/v2/login_information', {
method: 'GET',
headers: oHeaders,
mode: 'no-cors',
});
如果我尝试记录请求 object 的 header,只有 accept
header 会在那里。
oReq.headers.forEach(function(v){console.log(v)})
//logs: application/json
如果我尝试 fetch(oReq)
我会得到 401 unauthorized
响应。
是什么让 header 消失了?
当您为请求设置 mode: 'no-cors'
时,浏览器将不允许您设置除 CORS-safelisted request-headers. See the spec requirements 之外的任何请求 header:
To append a name/value (name/value) pair to a
Headers
object (headers), run these steps:
- Otherwise, if guard is "
request-no-cors
" and name/value is not a CORS-safelisted request-header, return.
在该算法中,return
等同于“return 而不是将 header 添加到 Headers object”。