javascript - 飞行前 OPTIONS 请求 CORS

Question

我在开发中使用这样的中间调用cors

app.use(cors({origin: 'http://localhost:8100'}));

对于每个路由请求，我开始看到 2 个请求:

这种情况在生产中还会发生吗？这是个问题吗？

Answer 1

是的，这种情况还会继续发生。不，这不是问题，除非您创建了与其冲突的路由。

浏览器使用 OPTIONS 请求来检测服务器对该特定端点的 CORS 支持。

来自Mozilla MDN :

... for HTTP request methods that can cause side-effects on user data (in particular, for HTTP methods other than GET, or for POST usage with certain MIME types), the specification mandates that browsers "preflight" the request, soliciting supported methods from the server with an HTTP OPTIONS request method, and then, upon "approval" from the server, sending the actual request with the actual HTTP request method.

...

Unlike simple requests (discussed above), "preflighted" requests first send an HTTP request by the OPTIONS method to the resource on the other domain, in order to determine whether the actual request is safe to send. Cross-site requests are preflighted like this since they may have implications to user data.