我正在使用angularjs2http 服务发送 http 请求。在登录 API 中,我发送带有用户凭据的发布请求,后端服务器session_id在响应中生成一个并将其保存在 cookie 中。这session_id不会显示在 Angularjs 的 http 响应对象中。但我可以从 chrome 调试网络面板中看到这个值。网络下有一个Cookies选项卡。从那里我可以看到session_id它的价值。登录成功后,我使用以下代码发送下一个 http 请求:
let options = new RequestOptions({headers: this.headers, withCredentials: true });
return this.http.get(url, options)
但我得到以下错误响应:
XMLHttpRequest cannot load https://backendjump.net/user/. Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. Origin 'http://localhost:4200' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
当我在 chrome 上调试请求时,我发现请求标头如下所示:
Request URL:https://testapi.net/user/
Request Method:OPTIONS
Status Code:204 No Content
Remote Address:52.43.21.19:443
Referrer Policy:no-referrer-when-downgrade
它不包括上面提到的cookie session_id。另一个有趣的事情是,Request Method变成OPTIONSnot GET。
我不知道如何解决这个问题。是后端问题还是前端问题?