has been blocked by CORS policy: Request header field secret is not allowed by Access-Control-Allow-

最新推荐文章于 2024-08-20 10:51:49 发布
最新推荐文章于 2024-08-20 10:51:49 发布
阅读量2w 收藏 21
点赞数 9
分类专栏: 报错
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/MFWSCQ/article/details/109337834
版权

 问题描述:当前系统需要访问某个网站的接口xxx,但是由于安全限制需要在请求头带俩字段验证token之类的,请求方法需要向后端带上 token 如下para里面两个数据字段,请求方式是 POST ,但是数据返回时跨域阻断报错了:

找了半天原因,跟后端说跨域了,后端说他已经设置了允许跨域,这个:

Access-Control-Allow-Origin: *

解决方式:

然后找了半天原因,各种搜索(要怪只能怪自己学识浅薄)都想骂人了,然后找到原因,告诉后端是需要后端在响应头的 Access-Control-Allow-Headers 字段设置允许前端请求时带有的字段值,比如下面这是改进后的:

Access-Control-Allow-Headers: Content-Type,Access-Token,Appid,Secret,Authorization

就是必须要设置允许设置的请求头带有的字段: Secret 和 Appid

​_getData({
    url: 'xxxxxx',
    para: {
        DeviceName: 'test',
        IP: "192.168.66.99",
    },
    contentType: 'application/json',
    beforeSend: function (xhr) {
        xhr.setRequestHeader('Secret', 'xxx');
        xhr.setRequestHeader('Appid', 'xxx');
    },
})

 

墨语轩
关注
专栏目录
出现 has been blocked by CORS policy: No ‘Access-Control-Allow-Origin‘ header is present on the 解决方法
码农研究僧的博客
06-03 6422
Access to XMLHttpRequest at 'http://127.0.0.1:5000/api/data' from origin 'http://10.197.0.79:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
CORS error错误 has been blocked by CORS policy前端请求浏览器出错
热门推荐
m0_67265464的博客
03-03 1万+
问题简述 通过vue的axious拦截全局请求在请求头上加了identify和token字段后,访问后端zuul网关,浏览器出现错误,导致后台接收不了http包的自定义header字段,并不能很好的进行网关的鉴权。 错误如下: Access to XMLHttpRequest at ‘http://127.0.0.1:27000/api/v1/index-infos’ from origin ‘http://’ has been blocked by CORS policy: Request header
CORS跨域访问漏洞
最新发布
YhMjQx的博客
08-20 1603
本篇文章主要讲解CSRF漏洞的原理,并复现漏洞和利用
blocked by CORS policy: Request header field token is not allowed by Access-Control-Allow-Headers in
Ggome的博客
05-11 5899
原因跨域设置没有设置token名称,将token加入请求跨域请求头里面即可。
has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control...
weixin_34242509的博客
06-10 7832
https://www.cnblogs.com/caimuqing/p/6733405.html // TODO 支持跨域访问 response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Credentials", "...
axios/ajax 请求头部添加自定义字段报错(has been blocked by CORS policy: Request header field authorization is ...
alxw2010的博客
05-12 2903
这个错误是由于浏览器的安全机制所引起的,即跨域资源共享(CORS)策略。当浏览器发现一个跨域请求时,会发送一个预检请求(Preflight Request)来确认服务器是否允许跨域请求。在预检请求中,浏览器会检查请求头中的字段是否被服务器允许。如果请求头中包含了服务器不允许的字段,就会报错。解决方法:在服务器端的响应头中添加Access-Control-Allow-Headers字段,指定允许的请求头字段,包括自定义的字段。其中,custom-header是你自定义的请求头字段。
by CORS policy: Request header field headers is not allowed by Access-Control-Allow-Headers in
~牧马~
11-10 3527
报错:Access to XMLHttpRequest at ‘http://xxx.xxx.xxx.xx:8080/api/user/seekorg/’ from origin ‘http://localhost:8080’ has been blocked by CORS policy: Request header field headers is not allowed by Access-Control-Allow-Headers in preflight response. 翻译:通过“http
has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
11-23
如果请求头部中包含未经允许的字段,服务器将返回一个CORS错误,其中包含“has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight ...
has been blocked by CORS policy: Request header field sessionid is not allowed by Access-Control-Allow-Headers in preflight response.
09-12
"has been blocked by CORS policy: Request header field sessionid is not allowed by Access-Control-Allow-Headers in preflight response" 这个错误是由于在预检请求的响应中,Access-Control-Allow-Headers ...
has been blocked by CORS policy: Request header field tyyhtoken is not allowed by Access-Control-Allow-Headers in preflight response.
09-28
"has been blocked by CORS policy: Request header field tyyhtoken is not allowed by Access-Control-Allow-Headers in preflight response." 表示在发送跨域请求时,服务端不允许请求头中包含名为 "tyyhtoken" ...
has been blocked by CORS policy: Request header field abp.tenantid is not allowed by Access-Control-Allow-Headers in preflight response.
07-27
- *3* [has been blocked by CORS policy: Request header field secret is not allowed by Access-Control-Allow-](https://blog.csdn.net/MFWSCQ/article/details/109337834)[target="_blank" data-report-click={...
关于跨域资源共享(CORS)的前后端异常分析.[has been blocked by CORS policy: Request header field access-control-allow-]
旗袍不开、怎么得胜?
12-07 2549
关于跨域资源共享(CORS)的前后端异常分析.CORS拦截请求头中的token,authority等字段解决办法[has been blocked by CORS policy: Request header field access-control-allow-]
has been blocked by CORS policy: Request header field aaa is not allowed by Access-Control-Allow-Hea
放羊的小孩
11-28 1万+
Vue项目中使用axios作为http请求库,我想在get请求中添加一个自定义的请求头,结果在我请求数据的时候,就报出了跨域的问题. 给http请求添加自定义的请求头参数很常用,如我给我的请求添加token给服务端验证请求的合法性等,我在我的项目中给所有的get请求添加了一个aaa参数,结果我在使用get请求数据的时候,报出了跨域问题的异常信息.报的信息如下: Access to XMLHt...
CROS 预检请求 异常解决方法 authorization is not allowed by Access-Control-Allow-Headers in preflight response
05-30 496
CROS 预检请求 异常解决方法 has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
has been blocked by CORS policy: The ‘Access-Control-Allow-Origin‘ header contains multiple values ‘
qq_59833893的博客
10-18 5636
之后又出现 CORS 头缺少 'Access-Control-Allow-Origin' 跨域问题。原因:项目中设置了双跨域配置导致的问题。删除或注解掉一处,只保留一个。注释掉nginx上的相关配置。
from origin ‘null‘ has been blocked by CORS policy: Request header field token is not allowed by Acc
qq_40886696的博客
09-03 8864
from origin ‘null’ has been blocked by CORS policy: Request header field token is not allowed by Access-Control-Allow-Headers in preflight response. 遇到这种类似的问题一般都是跨域请求问题,后端可以这样设置返回请求头 然后就可以请求成功了,因为携带token请求头,所以需要 response.setHeader("Access-Control-Allow-H
跨域错误问题has been blocked by cors policy
我的博客
06-05 1843
这个问题其实是一个跨域调用错误 有多种解决方法,我放到服务器上所以在服务器上的apache的配置文件中修改。 一开始以为apache的配置文件是httpd.conf 然后发现我压根没有这个文件,在/etc/apache2/apache2.conf中加入 <IfModule mod_setenvif.c> <IfModule mod_headers.c> <FilesMatch "\.(cur|gif|ico|jpe?g|png|svgz?.
apache设置服务端允许跨域访问解决has been blocked by CORS policy问题
bluecat333的博客
01-16 6179
一、前言   前后端分离开发比较流行,这就对本机测试带来一定麻烦,首先就是跨域问题,当前后端都部署在本机后都使用localhost域名访问就会被浏览器拦截。   这里基于phpstudy集成环境的apache服务端进行设置,解决跨域问题,同时也能解决以下两个常见的前端请求异常。 has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Contro
评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值