gpt4 book ai didi

http - CORS 和 HTTP 基本身份验证

转载 作者:可可西里 更新时间:2023-11-01 15:09:09 24 4
gpt4 key购买 nike

如果包含基本身份验证,预检 HTTP 请求会是什么样子?喜欢下面的对话吗?我很难理解哪些 header 需要发送到哪里,还因为无法使用 Firebug 正确调试它

客户:

OPTIONS /api/resource HTTP/1.1
Access-Control-Request-Method: GET
Origin: http://jsconsole.com

服务器:

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE
Access-Control-Allow-Headers: Authorization
Access-Control-Max-Age: 1728000
Access-Control-Allow-Credentials: true

客户:

GET /api/resource HTTP/1.1
Access-Control-Request-Method: GET
Access-Control-Allow-Credentials: true
Origin: http://jsconsole.com

服务器:

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE
Access-Control-Allow-Headers: Authorization
Access-Control-Max-Age: 1728000
Access-Control-Allow-Credentials: true
WWW-Authenticate: Basic realm="Authorisation Required"

客户:

GET /api/resource HTTP/1.1
Access-Control-Allow-Credentials: true
Authorization: Basic base64encodedUserAndPassword
Access-Control-Request-Method: GET
Origin: http://jsconsole.com

服务器:

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE
Access-Control-Allow-Headers: Authorization
Access-Control-Max-Age: 1728000
Access-Control-Allow-Credentials: true

最佳答案

如果您请求凭据,则服务器必须在 Access-Control-Allow-Origin 响应 header 中使用特定来源进行响应(因此不能使用通配符 *)。当然,它也需要使用 Access-Control-Allow-Credentials 响应 header 进行响应。

关于http - CORS 和 HTTP 基本身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18499465/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com