All geek questions in one place

AJAX REST cross-domain HTTP headers

I am studying problems with multiple domains, I have some kind of REST service call. Chrome said the following: Request header field x is not requested using Access-Control-Allow-Headers This is what I have on the Network → Headers tab:

Request URL: rest_url_on_other_domain Request Method:OPTIONS Status Code:200 OK Request Headers: Access-Control-Request-Headers:Origin, x-requested-with, content-type, accept Access-Control-Request-Method:POST Origin:http://localhost:8080 Response Headers Access-Control-Allow-Headers:Content-Type, Accept Access-Control-Allow-Methods:GET, POST Access-Control-Allow-Origin:* Access-Control-Max-Age:1728000 Cache-Control:no-cache, no-store Connection:keep-alive Content-Length:0 Date:Fri, 30 Dec 2011 11:29:12 GMT Expires:-1 Pragma:no-cache Server:nginx/1.0.2

Can someone explain about these HTTP headers? What is the problem - Some header checks on the server fail or some header checks on the client (browser) side fail . What is the idea for these Access headers? Explain in detail in simple words to understand that I will study the rest myself. Thanks in advance!

+6
source share
1 answer

What you see is a cross-origin resource preview request. The request method for such a request is OPTIONS . This is a request that the browser uses to request permission to send the actual request. You can find out more here: http://www.html5rocks.com/en/tutorials/cors/

In this particular case, the browser requests a bunch of headers (in the Access-Control-Request-Headers header). Now, in response, the Access-Control-Allow-Headers header should contain all the requested headers. In the event that there are more than the requested headers, the browser will not throw any exceptions. In this example, the response header should look like this:

 Access-Control-Allow-Headers: Origin, x-requested-with, content-type, accept

All other response headers look normal. Once the server sends this response, the browser will send a second request, which is the actual data request.

+11
source

Source: https://habr.com/ru/post/904750/

More articles:


All Articles