Request header field token is not allowed by Access-Control-Allow-Headers in preflight response.

最新推荐文章于 2024-05-30 10:18:34 发布
最新推荐文章于 2024-05-30 10:18:34 发布
阅读量6k 收藏 4
点赞数
分类专栏: CORS 文章标签: http 服务器 前端
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/harris_lele/article/details/123057485
版权

跨域 token Access-Control-Allow-Headers 自定义header OPTIONS请求
关键词由CSDN通过智能技术生成

今天遇到一个跨域问题记录学习下:

一、问题

跨域请求 请求头中包含自定义token字段时,浏览器报错。

Request header field token is not allowed by Access-Control-Allow-Headers

二、原因

包含自定义token字段的跨域请求,浏览器会先向服务器发送OPTIONS请求,探测该服务器是否允许自定义的跨域字段。

如果允许,则继续实际的POST/GET正常请求,否则,返回标题所示错误。

OPTIONS请求:

Request URL:http://xxx.yyy.com/zzz/api/file/uploadFile2.do  
Request Method:OPTIONS  
Status Code:200 OK  
Remote Address:47.92.87.25:80  
Referrer Policy:no-referrer-when-downgrade

Request Headers:

Accept:*/*  
Accept-Encoding:gzip, deflate  
Accept-Language:zh-CN,zh;q=0.9,en;q=0.8  
Access-Control-Request-Headers:content-type,token  
Access-Control-Request-Method:POST  
Connection:keep-alive  
Host:service.bz12306.com  
Origin:null  
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

 Access-Control-Request-Headers为向服务器询问是否支持跨域的自定义header字段,服务器需要适当的应答。 

三、 解决

header('Access-Control-Allow-Headers:token,Content-Type');
harris_lele
关注
  • 0
    点赞
  • 4
    收藏
    觉得还不错? 一键收藏
  • 3
    评论
专栏目录
解决:Request header field token is not allowed by Access-Control-Allow-Headers in
是日已过,命亦随减的博客
09-28 4511
在入口文件index.php中添加 header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, OPTIONS, DELETE'); header('Access-Control-Allow-Headers: *'); 其他添加过的地方全部删除,否则会重复。 如果以这种方式添加则不会生效: $header['Access-Control-Allow-Origin
github-personal-access-token-generator-cli:从终端创建GitHub个人访问令牌
05-27
github-personal-access-token-generator-cli 。 但是,如果您是像我这样的命令行狂,并且想要快速创建个人访问令牌而不必离开终端机... 安装 npm install github-personal-access-token-generator-cli -g 用法 ...
跨域问题:Request header field token is not allowed by Access-Control-Allow-Headers in preflight response
小筱在线博客
05-23 3994
Access to XMLHttpRequest at 'http://xxxx' from origin 'http://yyyy has been blocked by CORS policy: Request header field token is not allowed by Access-Control-Allow-Headers in preflight response
CROS 预检请求 异常解决方法 authorization is not allowed by Access-Control-Allow-Headers in preflight response
最新发布
05-30 371
CROS 预检请求 异常解决方法 has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
blocked by CORS policy: Request header field token is not allowed by Access-Control-Allow-Headers in
Ggome的博客
05-11 5265
原因跨域设置没有设置token名称,将token加入请求跨域请求头里面即可。
Request header field token is not allowed by Access-Control-Allow-Headers in
datouniao1的博客
01-11 1万+
前后端分离项目 后端接口做了跨域的处理 前端header中传递了token,解决办法: @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletResponse res = (HttpServletResponse) response; r
Java过滤器配置类导致跨域问题:Request header field token is not allowed by Access-Control-Allow-Headers in prefli
ELSA001的博客
03-04 2159
Java过滤器配置类导致跨域问题:Request header field token is not allowed by Access-Control-Allow-Headers in prefli
Request header field token is not allowed by Access-Control-Allow-Headers in preflight response
热门推荐
fuzhongbin的博客
05-20 1万+
之前开发vue项目时,需要在请求头里添加一个token字段,开发的时候都正常,等到部署到正式环境发现很多版本比较低的chorme浏览器都报错,错误如下: XMLHttpRequest cannot load http://******** .Request header field token is not allowed by Access-Control-Allow-Headers in preflight response 后来查阅资料发现是因为我们在请求头header中设置了了自定义的token
SpringBoot跨域Access-Control-Allow-Origin实现解析
08-25
res.addHeader("Access-Control-Allow-Headers", "Content-Type,X-CAF-Authorization-Token,sessionToken,X-TOKEN"); if (((HttpServletRequest) request).getMethod().equals("OPTIONS")) { response.getWriter...
微信access-token获取与更新vs2012.zip
04-24
原创:这个是关于C#如何获取与更新微信access-token的vs2012源码示例,使用者只需重新编译好程序后,配置xml文件的appid,就可以使用了。开发环境中涉及的json.net的nupkg程序包也放在工程文件夹中。希望能帮助大家少...
Python库 | django_request_token-0.14.1-py3-none-any.whl
02-16
**Python库 django_request_token-0.14.1-py3-none-any.whl** 这个压缩包文件`django_request_token-0.14.1-py3-none-any.whl`是针对Python开发的一个库,名为`django_request_token`,版本号为0.14.1。该库特别...
bpmn-js-token-simulation:用于令牌模拟的bpmn-js扩展
05-11
npm install bpmn-js-token-simulation 作为附加模块添加到 。 造型师 var BpmnModeler = require ( 'bpmn-js/lib/Modeler' ) ; var tokenSimulation = require ( 'bpmn-js-token-simulation' ) ; var modeler = ...
完美解决nginx跨域问题Request header field x-token is not allowed by Access-Control-Allow-Headers in prefligh
Zisson_no_error的博客
08-03 1万+
Access-Control-Allow-Headers 响应首部 Access-Control-Allow-Headers 用于 preflight request (预检请求)中,列出了将会在正式请求的 Access-Control-Request-Headers 字段中出现的首部信息。 简单首部,如 simple headers、Accept、Accept-Language、Content-Language、Content-Type (只限于解析后的值为 application/x-www-form-
Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight res
Miss Dan的博客
12-25 5970
一、问题: 跨域请求中包含自定义header字段时,浏览器console报错。 Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response 二、原因: 包含自定义header字段的跨域请求,浏览器会先向服务器发送OPTIONS请求,探测该服务器是...
Request header field x-token is not allowed by Access-Control-Allow-Headers in preflight response.
小love容儿的博客
08-19 8473
题:最近在做项目时,报错Request header field x-token is not allowed by Access-Control-Allow-Headers in preflight response,刚开始看到‘Access-Control-Allow-Headers’就觉得是跨域问题,跟后台联调才发现问题; 刚开始接口跨域是后台帮忙处理的,登录接口因为不需要传token,所以登录接口通了,发现其他接口都报这个错误; 于是我改用前端代理,接口顺利进行; 到了项目接近收尾,打包测..
Java Web 跨域设置
qq_37377082的博客
12-03 314
设置全局过滤器 import javax.servlet.*; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletResponse; import java.io.IOException; /** * 跨域配置 * @author lijinghua */ @WebFilter(urlPatterns = {"/*"}) public class CorsFilter implements
Jeecms跨域 Request header field is not allowed by Access-Control-Allow-Headers in preflight response
tabvla的博客
03-17 947
Jeecms框架,前后端分离二次开发,前端跨域报错Request header field is not allowed by Access-Control-Allow-Headers in preflight response
Request header field Content-Type is not allowed by Access-Control-Allow-Headers
zhuchunyan_aijia的博客
02-20 2110
https://blog.csdn.net/xuedapeng/article/details/79076704https://blog.csdn.net/z8414/article/details/72780263 一、问题: 跨域请求中包含自定义header字段时,浏览器console报错。 Request header field xfilesize is not allowed by...
Request header field retoken is not allowed by Access-Control-Allow-Headers in preflight response.
07-27
这个错误是由于CORS策略引起的。CORS(跨域资源共享)是一种浏览器安全机制,用于限制跨域请求。当浏览器发起跨域请求时,会先发送一个预检请求(preflight request)来检查服务器是否允许该请求。预检请求中会包含一些自定义的请求头,如token、AC-User-Agent等。服务器需要在响应的请求头中设置Access-Control-Allow-Headers来允许这些自定义请求头。 根据引用\[1\]和引用\[2\]的错误信息,可以看出服务器没有正确设置Access-Control-Allow-Headers来允许token和AC-User-Agent这两个自定义请求头。根据引用\[3\]的经验,可以尝试在服务端过滤器的Response响应的请求头中设置Access-Control-Allow-Headers为'token,content-type'来允许这两个请求头。这样就可以解决"Request header field retoken is not allowed by Access-Control-Allow-Headers in preflight response"的问题了。 #### 引用[.reference_title] - *1* *3* [Request header field token is not allowed by Access-Control-Allow-Headers in preflight response](https://blog.csdn.net/fuzhongbin/article/details/106239664)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^koosearch_v1,239^v3^insert_chatgpt"}} ] [.reference_item] - *2* [解决Request header field XXX is not allowed by access-control-allow-headers in preflight response](https://blog.csdn.net/HO1_K/article/details/126501541)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^koosearch_v1,239^v3^insert_chatgpt"}} ] [.reference_item] [ .reference_list ]

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 3
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值