![]() So a response to the earlier example might look like this: HTTP/1.1 204 No ContentĪccess-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETEĪccess-Control-Allow-Headers: Content-Type, Accept The response would then be examined by the browser to decide whether to continue with the request or to abandon it. Access -Control -Max -Age: The maximum duration that the response to the preflight request can be cached before another call is made.Access -Control -Allow -Headers: A comma-separated list of the custom headers that are allowed to be sent.Access -Control -Allow -Methods: A comma-separated list of HTTP methods that are allowed.Access -Control -Allow -Origin: The origin that is allowed to make the request, or * if a request can be made from any origin.The server will include some Access -Control - * headers within the response to indicate whether the request that follows will be allowed or not. H 'Origin: This request basically says "I would like to make a GET request with the Content -Type and Accept headers from - is that possible?". H 'Access-Control-Request-Headers: Content-Type, Accept' \ H 'Access-Control-Request-Method: GET' \ Origin: The usual origin header that contains the script's current originĪn example of such a request might look like this: # Request curl -i -X OPTIONS localhost:3001/api/ping \.Access -Control -Request -Headers: An indication of the custom headers that will be sent with the request.Access -Control -Request -Method: The intended method of the request (e.g., GET or POST).The preflight request sets the mode as OPTIONS and sets a couple of headers to describe the actual request that is to follow: If the result of the OPTIONS call dictates that the request cannot be made, the actual request to the server will not be executed. ![]() This call is used to determine the exact CORS capabilities of the server, which is in turn used to determine whether or not the intended CORS protocol is understood. If a request does not meet the criteria for a simple request, the browser will instead make an automatic preflight request using the OPTIONS method. The request is allowed to continue as normal if it meets these criteria, and the Access -Control -Allow -Origin header is checked when the response is returned.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |