问题描述
我刚刚发现我的浏览器在尝试使用自定义http标头进行跨域ajax调用时发送了额外的OPTION请求。
我认为它被称为预检请求。
I've just found out that my browser was sending an extra "OPTION" request when trying to make a cross domain ajax call with a custom http header.I presume it is called "preflight request".
是否可以禁用此功能并发送初始请求?
Is it possible to disable this functionality and just send the initial request ?
这是我的javascript测试代码:
This is my javascript testing code :
$(document).ready(function() {
$.ajax({
url: "http://google.fr",
crossDomain: true,
headers: {
"X-custom-parameter": true
}
});
});
感谢您的帮助!
推荐答案
不,绝对不可能绕过CORS预检请求。预检请求的存在是为了以安全的方式允许跨域请求。在上面的示例中,您尝试访问google.fr,但google.fr不支持CORS。 Google无法解决此问题,因为Google不支持其网页上的跨域请求。通常,如果您拥有服务器的所有权,那么您的选择是支持CORS,支持JSON-P等替代跨域攻击,或者使用服务器端代理。
No, it is definitely not possible to bypass the CORS preflight request. The preflight request exists to allow cross-domain requests in a safe manner. In your example above, you are trying to access google.fr, but google.fr doesn't support CORS. There is no way around this for Google, since Google doesn't support cross-domain requests on its web page. In general, if you have ownership of the server, your options are to support CORS, support alternative cross-domain hacks like JSON-P, or use a server-side proxy.
这篇关于使用自定义HTTP标头发送跨域请求时禁用预检OPTION请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!