Iron-ajax 401 未授权或 CORS 问题
Iron-ajax 401 unauthorized or CORS issue
我在 Polymer 2.0 上使用 iron-ajax 时遇到问题。我的代码基于 Polymer 1.0,我正在尝试对其进行调整。我通过这样的 POST 发送我的表格:
模板:
<div class="wrapper-btns">
<paper-button raised class="primary" on-tap="postLogin">Log In</paper-button>
<paper-button class="link" on-tap="postRegister">Sign Up</paper-button>
</div>
代码:
_setReqBody() {
this.$.registerLoginAjax.body = this.formData;
}
postLogin() {
this.$.registerLoginAjax.url = 'http://localhost:3001/sessions/create';
this._setReqBody();
this.$.registerLoginAjax.generateRequest();
}
铁-Ajax设置:
<iron-localstorage name="user-storage" value="{{storedUser}}"></iron-localstorage>
<app-data key="userData" data="{{storedUser}}"></app-data>
<iron-ajax
id="registerLoginAjax"
method="post"
content-type="application/json"
handle-as="text"
on-response="handleUserResponse"
on-error="handleUserError"></iron-ajax>
当我这样做时,出现以下错误:
POST http://localhost:3001/sessions/create 400 (Bad Request)
当我在 Iron-Ajax 上使用这条线时:
with-credentials="true"
错误似乎是 CORS 问题:
XMLHttpRequest cannot load http://localhost:3001/sessions/create.
Response to preflight request doesn't pass access control check: The
value of the 'Access-Control-Allow-Origin' header in the response must
not be the wildcard '*' when the request's credentials mode is
'include'. Origin 'http://127.0.0.1:8081' is therefore not allowed
access. The credentials mode of requests initiated by the
XMLHttpRequest is controlled by the withCredentials attribute.
我做错了什么?
更改 http://localhost:3001/sessions/create 后端的 server-side 代码以在对来自 http://127.0.0.1:8081/ 的请求的响应中发送响应 header Access-Control-Allow-Origin: http://127.0.0.1:8081/,而不是发回响应 header Access-Control-Allow-Origin: * 就像现在一样。
Credentialed requests and wildcards section of the MDN page on CORS 解释原因:
When responding to a credentialed request, the server must specify an origin in the value of the Access-Control-Allow-Origin header, instead of specifying the "*" wildcard.
我在 Polymer 2.0 上使用 iron-ajax 时遇到问题。我的代码基于 Polymer 1.0,我正在尝试对其进行调整。我通过这样的 POST 发送我的表格:
模板:
<div class="wrapper-btns">
<paper-button raised class="primary" on-tap="postLogin">Log In</paper-button>
<paper-button class="link" on-tap="postRegister">Sign Up</paper-button>
</div>
代码:
_setReqBody() {
this.$.registerLoginAjax.body = this.formData;
}
postLogin() {
this.$.registerLoginAjax.url = 'http://localhost:3001/sessions/create';
this._setReqBody();
this.$.registerLoginAjax.generateRequest();
}
铁-Ajax设置:
<iron-localstorage name="user-storage" value="{{storedUser}}"></iron-localstorage>
<app-data key="userData" data="{{storedUser}}"></app-data>
<iron-ajax
id="registerLoginAjax"
method="post"
content-type="application/json"
handle-as="text"
on-response="handleUserResponse"
on-error="handleUserError"></iron-ajax>
当我这样做时,出现以下错误:
POST http://localhost:3001/sessions/create 400 (Bad Request)
当我在 Iron-Ajax 上使用这条线时:
with-credentials="true"
错误似乎是 CORS 问题:
XMLHttpRequest cannot load http://localhost:3001/sessions/create. Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://127.0.0.1:8081' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
我做错了什么?
更改 http://localhost:3001/sessions/create 后端的 server-side 代码以在对来自 http://127.0.0.1:8081/ 的请求的响应中发送响应 header Access-Control-Allow-Origin: http://127.0.0.1:8081/,而不是发回响应 header Access-Control-Allow-Origin: * 就像现在一样。
Credentialed requests and wildcards section of the MDN page on CORS 解释原因:
When responding to a credentialed request, the server must specify an origin in the value of the
Access-Control-Allow-Originheader, instead of specifying the "*" wildcard.