CORS - 从 Postman 伪造 CORS 预检失败 return headers
CORS - Faking a CORS preflight from Postman fails to return headers
如果我伪造来自 Postman 的 OPTIONS 预检 CORS 请求,我不会从我的 API.
获得 CORS headers
在对 Microsoft.Owin.Cors 库进行完全逆向工程后,我发现 headers 不在请求中!
这让我从 Postman 文档中发现了这个美丽的东西:
Restricted headers and cookies
Unfortunately some headers are restricted by Chrome and the
XMLHttpRequest specification. The following headers are blocked:
Accept-Charset Accept-Encoding Access-Control-Request-Headers
Access-Control-Request-Method Connection Content-Length Cookie Cookie
2 Content-Transfer-Encoding Date Expect Host Keep-Alive Origin Referer
TE Trailer Transfer-Encoding Upgrade User-Agent Via
https://www.getpostman.com/docs/requests
啊啊啊。那是我生命中回不去的一天。
我设法使用 Postman Interceptor 让它工作
我的设置如下
如果我伪造来自 Postman 的 OPTIONS 预检 CORS 请求,我不会从我的 API.
获得 CORS headers在对 Microsoft.Owin.Cors 库进行完全逆向工程后,我发现 headers 不在请求中!
这让我从 Postman 文档中发现了这个美丽的东西:
Restricted headers and cookies
Unfortunately some headers are restricted by Chrome and the XMLHttpRequest specification. The following headers are blocked:
Accept-Charset Accept-Encoding Access-Control-Request-Headers Access-Control-Request-Method Connection Content-Length Cookie Cookie 2 Content-Transfer-Encoding Date Expect Host Keep-Alive Origin Referer TE Trailer Transfer-Encoding Upgrade User-Agent Via
https://www.getpostman.com/docs/requests
啊啊啊。那是我生命中回不去的一天。
我设法使用 Postman Interceptor 让它工作
我的设置如下