我正在从第三方托管的脚本到我的端点执行 ajax 调用。
在 Chrome 中,预检调用如下所示:
GENERAL
Request URL: https://my_endpoints_url
Request Method: OPTIONS
Status Code: 200
Remote Address: 21.188.37.117:443
Referrer Policy: origin-when-cross-origin
RESPONSE HEADERS
access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
allow: OPTIONS, TRACE, GET, HEAD, POST
content-length: 0
date: Thu, 14 Jan 2021 15:45:17 GMT
public: OPTIONS, TRACE, GET, HEAD, POST
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000
x-powered-by: ASP.NET
REQUEST HEADERS
:authority: my_endpoints_host
:method: OPTIONS
:path: my_endpoints_path
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: fr,en-US;q=0.9,en;q=0.8,ca;q=0.7,es;q=0.6,pt;q=0.5
access-control-request-headers: authorization,content-type
access-control-request-method: POST
origin: https://c.cs160.visual.force.com
referer: https://c.cs160.visual.force.com/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36
我将端点的服务器配置为允许每个标头、方法和来源,在响应标头中可见。尽管如此,Chrome 还是不断取消后续的 POST 请求。
我错过了什么?
编辑:如果我从服务器响应中删除访问控制允许标头,Chrome 会在控制台中写入正确的错误消息“请求标头字段内容类型不允许访问控制允许标头在预检响应中。” 并且 POST 请求在网络选项卡中被标记为(失败)。添加 access-control-allow-headers :" * "时,没有错误信息,POST请求被标记为(canceled)
谢谢