我已经构建了一个API(api.example.com),并希望可以从www.example.com对其进行访问。
我也希望可以从其他域进行访问。
为此,我添加了Access-Control-Allow-Origin:*
但是,当我打开www.example.com时,在所有api请求之前都会发送预检请求(OPTIONS请求)。
如何停止多个预检请求?我认为应该只有一个飞行前要求,我在做什么错!?还是浏览器在每次调用之前都要发送预检请求是自然的吗?
注意:我不想使用JSONP,因为我使它成为可公开访问的Access-Control-Allow-Origin:*
选项呼叫标题
Accept:*/* Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8 Access-Control-Request-Headers:accept, authorization Access-Control-Request-Method:GET AlexaToolbar-ALX_NS_PH:AlexaToolbar/alxg-3.2 Connection:keep-alive Host:api.touchtalent.biz Origin:http://www.example.com Referer:http://www.example.com/artist/52894/pratim-relekar User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
选项呼叫响应
Access-Control-Allow-Headers:origin, x-requested-with, content-type, Authorization Access-Control-Allow-Methods:PUT, GET, POST, DELETE Access-Control-Allow-Origin:* Connection:Keep-Alive Content-Encoding:gzip Content-Length:163 Content-Type:text/html Date:Fri, 13 Jun 2014 14:24:55 GMT Keep-Alive:timeout=5, max=98 Server:Apache/2.2.22 (Ubuntu) Vary:Accept-Encoding X-Powered-By:PHP/5.4.6-1ubuntu1.8
GET请求请求头
Accept:application/json, text/plain, */* Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8 AlexaToolbar-ALX_NS_PH:AlexaToolbar/alxg-3.2 Authorization:Bearer VtQJqaTGd7YFb8Mee6GfiLwiRrUdt2iCp9ITuiUE Connection:keep-alive Host:api.touchtalent.biz Origin:http://www.example.com Referer:http://www.example.com/artist/52894/pratim-relekar User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
GET请求响应头
Access-Control-Allow-Headers:origin, x-requested-with, content-type, Authorization Access-Control-Allow-Methods:PUT, GET, POST, DELETE Access-Control-Allow-Origin:* Connection:Keep-Alive Content-Length:1116 Content-Type:application/json Date:Fri, 13 Jun 2014 14:24:55 GMT Keep-Alive:timeout=5, max=97 Server:Apache/2.2.22 (Ubuntu) Status:200 X-Powered-By:PHP/5.4.6-1ubuntu1.8
尽管我不想提供URL,因为它会随着开发的进行而中断。但是,如果有帮助的话:http : //www.touchtalent.biz/home
更新1:
删除Authorization:Bearer VtQJqaTGd7YFb8Mee6GfiLwiRrUdt2iCp9ITuiUE
标头后,它停止发出多个预检请求。
但是删除此标头将破坏oauth的实现。我仍然必须在不删除自定义标头的情况下阻止多个预检请求。我该怎么做 ?
更新2:
添加Access-Control-Max-Age有所帮助,现在,它不为同一请求发送预检。但是对于不同的请求(不同的URL),它会发送多个OPTIONS请求。