doujing2017 2017-01-04 11:15
浏览 110

请求需要预检,不允许遵循跨源重定向

I've an AngularJs form to send a file. When I send the file, the browser performs these requests:

OPTIONS http://localhost:3000/uploads

General

Request URL:http://localhost:8000/uploads
Request Method:OPTIONS
Status Code:200 OK
Remote Address:127.0.0.1:8000

Response Headers

view source
Accept:*/*
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Content-Type,Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Request URL,Request Method,Status Code,Remote Address
Access-Control-Allow-Methods:GET, POST, OPTIONS
Access-Control-Allow-Origin:http://localhost:3000
Access-Control-Max-Age:1728000
Connection:keep-alive
Content-Length:0
Content-Length:0
Content-Type:text/plain charset=UTF-8
Content-Type:application/octet-stream
Date:Wed, 04 Jan 2017 10:59:49 GMT
Server:nginx/1.9.14

Request Headers

view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:authorization
Access-Control-Request-Method:POST
Connection:keep-alive
Host:localhost:8000
Origin:http://localhost:3000
Referer:http://localhost:3000/stocksellout/detail/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36

GET http://localhost:3000/uploads

Request Headers

Request URL:http://localhost:8000/uploads
Request Method:GET
Status Code:301 Moved Permanently
Remote Address:127.0.0.1:8000

Response Headers

view source
Accept:*/*
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Content-Type,Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Request URL,Request Method,Status Code,Remote Address
Access-Control-Allow-Methods:GET, POST, OPTIONS
Access-Control-Allow-Origin:http://localhost:3000
Connection:keep-alive
Content-Length:185
Content-Type:text/html
Date:Wed, 04 Jan 2017 10:59:49 GMT
Location:http://localhost/uploads/
Server:nginx/1.9.14

Request Headers

view source
Accept:*/*; q=0.5; application/json
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Authorization:Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJ1c2VybmFtZSI6Im1hZG8iLCJpYXQiOiIxNDgzNTE5NjE2In0.PDcaO8bbX0_OFOhHHJEmao7ZL2d1piLKymVTC_NQNd37kWjZ2F0BZa7-lrbowApfkkbi-nRzPJAoWinEmxnrstJhvN1J59EvbyBuAXNCFdbP08g_8gUS8xPZML3wZW7HieUBwkmSERXpfo08SAzMiQL44j3vtPDLq9US1NBKJQa206YsPX4lWR_rRGxx34tTj_sKf5DSymrTr4ysNRWBuEHRCrvpbclk43kZTH1AgpZHC20nWdAr20uI5BKNNaoPo93wvyYsHx7ufu4zN7bDWfvbm6s_V6rVq0SGDlfzaBLGs1vyEieHOfwNb3gW_xRSYsjFSonvY0-ydWLn5Rzd-HgWMyTVCsD8T4O8esRJWI9hDfLGkzlp2E6RLNp4qn7DpQxQOp0uEq9xL51SaAQClhwlcu0y-ehvdARYPp745vuHxG-2JJOk6OpMF6Na7FTrWuG5nAtseAA-X7wj7julT8-2NxfZQABNMJ01qvNwaAgBCtncFJgxfAzQB33kbN4hSCJ231sfQXAXU164H3fBITM1NP6b37RGrouF8D5RlgW1ErZbVkNN35a8eCKnXbbz9Sb009wEGltLvo9PHs-BxDP2L3bUzmbAYuqSpXogFmCGXF_FMM5mSidyZ_G-xKzdPoTm5NYLypXasZLG_ewzjxA4XOV5AUTjeM5hS0_xpPY
Connection:keep-alive
Content-Length:173290
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryQp4O7XmLdhbDlNMv
Cookie:selectedTheme=default; io=Scufsf96pJqb8wa7AAAE
Host:localhost:8000
Origin:http://localhost:3000
Referer:http://localhost:3000/stocksellout/detail/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36

POST http://localhost:8000/uploads

Request headers

Request URL:http://localhost:8000/uploads
Request Method:POST
Status Code:301 Moved Permanently
Remote Address:127.0.0.1:8000

Response Headers

view source
Accept:*/*
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Content-Type,Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Request URL,Request Method,Status Code,Remote Address
Access-Control-Allow-Methods:GET, POST, OPTIONS
Access-Control-Allow-Origin:http://localhost:3000
Connection:keep-alive
Content-Length:185
Content-Type:text/html
Date:Wed, 04 Jan 2017 10:59:49 GMT
Location:http://localhost/uploads/
Server:nginx/1.9.14

Request Headers

view source
Accept:*/*; q=0.5; application/json
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Authorization:Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJ1c2VybmFtZSI6Im1hZG8iLCJpYXQiOiIxNDgzNTE5NjE2In0.PDcaO8bbX0_OFOhHHJEmao7ZL2d1piLKymVTC_NQNd37kWjZ2F0BZa7-lrbowApfkkbi-nRzPJAoWinEmxnrstJhvN1J59EvbyBuAXNCFdbP08g_8gUS8xPZML3wZW7HieUBwkmSERXpfo08SAzMiQL44j3vtPDLq9US1NBKJQa206YsPX4lWR_rRGxx34tTj_sKf5DSymrTr4ysNRWBuEHRCrvpbclk43kZTH1AgpZHC20nWdAr20uI5BKNNaoPo93wvyYsHx7ufu4zN7bDWfvbm6s_V6rVq0SGDlfzaBLGs1vyEieHOfwNb3gW_xRSYsjFSonvY0-ydWLn5Rzd-HgWMyTVCsD8T4O8esRJWI9hDfLGkzlp2E6RLNp4qn7DpQxQOp0uEq9xL51SaAQClhwlcu0y-ehvdARYPp745vuHxG-2JJOk6OpMF6Na7FTrWuG5nAtseAA-X7wj7julT8-2NxfZQABNMJ01qvNwaAgBCtncFJgxfAzQB33kbN4hSCJ231sfQXAXU164H3fBITM1NP6b37RGrouF8D5RlgW1ErZbVkNN35a8eCKnXbbz9Sb009wEGltLvo9PHs-BxDP2L3bUzmbAYuqSpXogFmCGXF_FMM5mSidyZ_G-xKzdPoTm5NYLypXasZLG_ewzjxA4XOV5AUTjeM5hS0_xpPY
Connection:keep-alive
Content-Length:173290
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryQp4O7XmLdhbDlNMv
Cookie:selectedTheme=default; io=Scufsf96pJqb8wa7AAAE
Host:localhost:8000
Origin:http://localhost:3000
Referer:http://localhost:3000/stocksellout/detail/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36
Request Payload
------WebKitFormBoundaryQp4O7XmLdhbDlNMv
Content-Disposition: form-data; name="importFiles"; filename="Clio.jpeg"
Content-Type: image/jpeg


------WebKitFormBoundaryQp4O7XmLdhbDlNMv--

I've also configured my Nginx with:

location /uploads {
     if ($request_method = 'OPTIONS') {
        add_header 'Accept' '*/*';
        add_header 'Access-Control-Allow-Origin' $http_origin always;
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Content-Type,Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Request URL,Request Method,Status Code,Remote Address';
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 200;
     }
     if ($request_method = 'POST') {
        add_header 'Accept' '*/*';
        add_header 'Access-Control-Allow-Origin' $http_origin always;
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Content-Type,Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Request URL,Request Method,Status Code,Remote Address';
     }
     if ($request_method = 'GET') {
        add_header 'Accept' '*/*';
        add_header 'Access-Control-Allow-Origin' $http_origin always;
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Content-Type,Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Request URL,Request Method,Status Code,Remote Address';
     }
}

I always get same error:

XMLHttpRequest cannot load http://localhost:8000/uploads. Redirect from 'http://localhost:8000/uploads' to 'http://localhost/uploads/' has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect.

I've NelmioCorsBundle:

270 nelmio_cors:
  1     defaults:
  2         allow_credentials: false
  3         allow_origin: []
  4         allow_headers: []
  5         allow_methods: []
  6         expose_headers: []
  7         max_age: 0
  8         hosts: []
  9         origin_regex: false
 10     paths:
 11         '^/':
 12             allow_origin: ['*']
 13             allow_headers: ['*']
 14             allow_methods: ['POST', 'PUT', 'PATCH', 'GET', 'DELETE', 'OPTIONS', 'LINK', 'UNLINK']
 15             max_age: 3600

Can someone explain me what's wrong? Why I cannot upload files? What's wrong in my configuration?

  • 写回答

0条回答 默认 最新

    报告相同问题?

    悬赏问题

    • ¥15 树莓派与pix飞控通信
    • ¥15 自动转发微信群信息到另外一个微信群
    • ¥15 outlook无法配置成功
    • ¥30 这是哪个作者做的宝宝起名网站
    • ¥60 版本过低apk如何修改可以兼容新的安卓系统
    • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
    • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
    • ¥50 有数据,怎么用matlab求全要素生产率
    • ¥15 TI的insta-spin例程
    • ¥15 完成下列问题完成下列问题