今天遇到一个跨域问题记录学习下：

一、问题：

跨域请求中包含自定义header字段时，浏览器console报错。

Request header field xfilesize is not allowed by Access-Control-Allow-Headers

二、原因：

包含自定义header字段的跨域请求，浏览器会先向服务器发送OPTIONS请求，探测该服务器是否允许自定义的跨域字段。

如果允许，则继续实际的POST／GET正常请求，否则，返回标题所示错误。

OPTIONS请求：

Request URL:http://xxx.yyy.com/zzz/api/file/uploadFile2.do

Request Method:OPTIONS

Status Code:200 OK

Remote Address:47.92.87.25:80

Referrer Policy:no-referrer-when-downgrade  

Request Headers：

Accept:*/*

Accept-Encoding:gzip, deflate

Accept-Language:zh-CN,zh;q=0.9,en;q=0.8

Access-Control-Request-Headers:content-type,xfilecategory,xfilename,xfilesize

Access-Control-Request-Method:POST

Connection:keep-alive

Host:service.bz12306.com

Origin:null

User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36  

第4行为向服务器询问是否支持跨域的自定义header字段，服务器需要适当的应答。

Access-Control-Request-Headers:content-type,xfilecategory,xfilename,xfilesize  

三、解决办法：

服务端需要对OPTIONS请求做出应答，应答header中包含 Access-Control-Allow-Headers，且值包含options请求中Access-Control-Request-Headers的值。

以下为java服务端filter中设置的OPTIONS请求处理代码。

@Override  

public void doFilter(ServletRequest req, ServletResponse resp,  

        FilterChain chain) throws IOException, ServletException {  

    try {  

        HttpServletRequest hreq = (HttpServletRequest) req;  

        HttpServletResponse hresp = (HttpServletResponse) resp;  

        //跨域

        hresp.setHeader("Access-Control-Allow-Origin", "*");  

        //跨域 Header  

        hresp.setHeader("Access-Control-Allow-Methods", "*");  

        hresp.setHeader("Access-Control-Allow-Headers", "Content-Type,XFILENAME,XFILECATEGORY,XFILESIZE");  

        // 浏览器是会先发一次options请求，如果请求通过，则继续发送正式的post请求  

        // 配置options的请求返回  

        if (hreq.getMethod().equals("OPTIONS")) {  

            hresp.setStatus(HttpStatus.SC_OK);  

            // hresp.setContentLength(0);  

            hresp.getWriter().write("OPTIONS returns OK");  

            return;  

        }  

        // Filter 只是链式处理，请求依然转发到目的地址。  

        chain.doFilter(req, resp);  

    } catch (Exception e) {  

        e.printStackTrace();  

    }  

}  

其中，这个就是所需设置的应答Header：

hresp.setHeader("Access-Control-Allow-Headers", "Content-Type,XFILENAME,XFILECATEGORY,XFILESIZE");  

＊ header中对值的大小写貌似不敏感。

转载：https://blog.csdn.net/xuedapeng/article/details/79076704

Request header field Content-Type is not allowed by Access-Control-Allow-Headers的更多相关文章

1. post请求(headers里有属性)报错：Request header field xxx is not allowed by Access-Control-Allow-Headers in preflight response

   post 请求,headers里有属性(xxx).请求时报错: XMLHttpRequest cannot load <url>. Request header field xxx is ...

2. Failed to load http&colon;&sol;&sol;localhost&colon;8080&sol;team&period;php&colon; Request header field x-jwt-header is not allowed by Access-Control-Allow-Headers in preflight response&period;

   axios 加入header之后,请求出现 Failed to load http://localhost:8080/team.php: Request header field x-jwt-head ...

3. 浏览器报错问题解决：Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight respons

   FAQ: Failed to load http://www.erpshop.com/index.php: Request header field Content-Type is not allow ...

4. Request header field &ast; is not allowed by Access-Control-Allow-Headers in preflight response问题解决

   跨域问题报错信息为:Failed to load http://192.168.30.119: Request header field language is not allowed by Acce ...

5. axios跨域请求报错：Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response&period;

   在做项目时,用到axios,数据用post提交时,老是报错,错误提示为: Access to XMLHttpRequest at 'http://127.0.0.1:3000/api/add' fro ...

6. 解决Bug&colon;Size of a request header field exceeds server limit

   用了cms 发现这玩意真不好,老是有各种奇芭的问题跳出来 有时浏览网页时会出现 Bad Request Your browser sent a request that this server cou ...

7. 9&period;如何解决出现AXIOS的Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response&period;

   问题描述: 由于restful接口需要在头部header传递两个字段: Content-Type: application/jsonAccess-Token: 84c6635800b14e0eba4f ...

8. 如何解决出现AXIOS的跨域问题：Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response&period;

   转载:https://www.cnblogs.com/caimuqing/p/6733405.html 问题描述: 由于restful接口需要在头部header传递两个字段: Content-Type ...

9. has been blocked by CORS policy&colon; Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response&period;

   https://www.cnblogs.com/caimuqing/p/6733405.html // TODO 支持跨域访问 response.setHeader("Access-Cont ...

随机推荐

1. Javascript包含对象的数组去重

   Array.prototype.clearRepeat = function(){ var result = [], obj = {}; for(var i = 0; i < this.leng ...

2. Python&lowbar;Day3&lowbar;基础3

   python基础之数据类型与变量 字典 字典一种key - value 的数据类型,使用就像我们上学用的字典,通过笔划.字母来查对应页的详细内容. 语法: info = { 'stu1101': &q ...

3. mac在线恢复教程

   上个周,我本来想升级一下Xcode,可是我的系统是10.8de,xcode5.0.1 最低支持10.8.4 所以就想升级一下我的mac的系统,可是因为我的appstore 是从别人的电脑上考过来的,要 ...

4. leetcode--011 copy list with random pointer

   aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAA3UAAABjCAIAAACzC75sAAAMTElEQVR4nO3cyYHivBYG0D8n0nIojo ...

5. Cassandra HBase和MongoDb性能比较

   详见: http://blog.yemou.net/article/query/info/tytfjhfascvhzxcytp68这是一篇基于亚马逊云平台上对三个主流的NoSQL数据库性能比较,在读写 ...

6. python中的类

   以下内容是python tutorial的读书笔记: 一.命名空间的分层 二.local赋值语句,nonlocal和global的区别 local赋值语句,它是无法实现对于最里层的作用域的重新绑定的 ...

7. Dlib Python 检测人脸特征点 Face Landmark Detection

   首先安装Dlib,Opencv库 Dlib安装链接:http://www.cnblogs.com/as3asddd/p/7237280.html 环境:Mac Sierra 10.12.1 Pytho ...

8. C&num;使用WebClient下载文件到本地目录

   C#使用WebClient下载文件到本地目录. 1.配置本地目录路径 <appSettings> <!--文件下载目录--> <add key="Downloa ...

9. node之文件的下载

   /** * 文件的下载 */ let express = require('express'); let app = express(); app.get('/',(req,res)=>{ re ...

10. dede DedeTag Engine Create File False

    1.在织梦后台更新文档操作时出现DedeTag Engine Create File False   解决方案: 在织梦目录include/dedetag.class.php下搜索DedeTag En ...