gpt4 book ai didi

angularjs - Angular JS。预检响应中的 Access-Control-Allow-Headers 不允许请求 header 字段 Access-Control-Allow-Origin

转载 作者:可可西里 更新时间:2023-11-01 16:40:28 25 4
gpt4 key购买 nike

我已经尝试了所有的东西,使用 CORS 插件。在 chrome 中禁用网络安全。 响应来自 POSTMAN,但无法在 $http 中获取。

$http({
url: "https://interview-api-staging.bytemark.co/books",
method: 'GET',
headers: {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'OPTIONS,POST,GET,OPTIONS,PUT,DELETE',
'Access-Control-Allow-Headers': 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since'
}
}).then(function(d) {
console.log(d);
});

最佳答案

Client has nothing to do with it. With a CORS header, you're telling the client which other servers do I trust. Those then can share your resources and client won't mind.

For example if you have two domains you tell the client so let your resources be used by your second website, you don't say I trust you as a client.

So you're protecting the server, not client. You don't want AJAX API Endpoints to be accessible by scripts hosted anywhere in the world.

A client has nothing to gain/lose from this. It's only a protection for servers because using AJAX all the URLs are clearly visible to anyone and had it been not for this protection, anybody could go-ahead run their front end using your API, only servers have to lose from this so they get to decide who can use their resources.

source .

如前所述,您无需在前端执行任何与 cors 相关的操作。确保 cors header 是从后端在其响应 header 中发送的。

服务器必须保护自己,所以他们必须告诉客户端一些规则,客户端将遵循哪些规则。默认情况下,客户端将接受所有内容。

关于angularjs - Angular JS。预检响应中的 Access-Control-Allow-Headers 不允许请求 header 字段 Access-Control-Allow-Origin,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46337042/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com