cors - Why it has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.?
问题描述
I have followed the guide at:
https://serverless.com/blog/cors-api-gateway-survival-guide/
To create a backend service with serverless, lambda, nodejs. The endpoint is working correctly if testing with postman.
Below the request headers, how they are set ( I tried to enable everything since to find out the issue) .
General:
Request Method: OPTIONS
Status Code: 400
Remote Address: xxx.xxx.xxx.xxx:443
Referrer Policy: no-referrer-when-downgrade
Response Headers:
access-control-allow-credentials: true
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Origin, Access-Control-Allow-Credentials
access-control-allow-origin: *
content-length: 97
content-type: application/json
date: Fri, 08 Nov 2019 16:26:15 GMT
status: 400
via: 1.1 xxxxxxx.cloudfront.net (CloudFront)
x-amz-apigw-id: xxxxxxxx=
x-amz-cf-id: xxxxxx-EFTU2MF4k_TQ==
x-amz-cf-pop: xxxxx-C1
x-amzn-requestid: xxxxxxx-85a7-4d61-bf42-081944a4d307
x-amzn-trace-id: Root=1-xxxxxxx-37555e2ccf9ab35021c26f98;Sampled=0
x-cache: Error from cloudfront
Request headers
:authority: xxxxxx.execute-api.eu-west-1.amazonaws.com
:method: OPTIONS
:path: /stg/getConfigUrl
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,it;q=0.8
access-control-request-headers: access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type
access-control-request-method: POST
cache-control: no-cache
origin: http://0.0.0.0:8017
pragma: no-cache
referer: http://0.0.0.0:8017/
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 ....
I think the needed preflight request headers are set. I dont get this error. What's really meaning that "It does not have HTTP ok status" ?
Trying with Postman (same request) it answer HTTP 200 OK. But here via browser it seems OPTION request answers 400... why? How can I fix this?
解决方案
基本上,您的浏览器在您访问的站点中执行编码正确的 XHR 请求之前,它会询问“嗯,我在 localhost(或 web.com)中”,然后它会询问请求指向的站点“嘿,什么选项我得给你打电话?” 之后,如果站点配置良好,它可以回答例如“所以,我允许来自 collsite.com 的请求,但前提是您想要 GET 或 POST,然后我将允许您向我发送您想要的所有 HTTP 标头”和您的浏览器“好的,好的!我会检查这个请求并为你执行这些规则!” 接下来它会抛出或不抛出已知的“CORS 错误”。从技术上讲,它首先会使用动词“OPTIONS”对所指向的站点执行一个空请求。之后它将“捕获”特定的 HTTP 标头并检查其内容,即进行此“对话”的位置。例如,
推荐阅读
- html - SyntaxError:编译 ejs 时出现意外的标识符
- python - RuntimeWarning:与 np.where() 相除时遇到无效值
- android - 设置计时器以了解 NFC 读取标签的速度
- objective-c - 让macOS屏保的BG变黑?
- python - 如何使用 python、PRAW/PSAW 抓取未制作首页的 reddit 帖子
- java - 如果一个程序完全由线程安全类组成,那么它是线程安全程序吗?
- python - 如何简化这些字典理解?
- c# - 如何在 .Net 核心 Web API 中进行 Azure AD 组授权?
- javascript - Javascript阻止函数调用
- oauth-2.0 - 无法通过邮递员登录 pinterest 应用程序以请求令牌