不允许的方法 — 从 Angularjs 中的请求 headers 中删除 Access-Control-Request-Method

Method not allowed — removing Access-Control-Request-Method from request headers in Angularjs

我目前正在另一个域的 Restful API 上使用 Angular ngResource 尝试 DELETE 类型的请求。 GETPUT 工作正常。 DELETE 在 Advanced Rest Client Chrome 扩展中工作,但在尝试使用 Angular $resource.[=28= 时不起作用]

我注意到发送的 headers 不同,这两个是:

Access-Control-Request-Headers:accept
Access-Control-Request-Method:DELETE

当我尝试在 Advanced Rest Client 中添加这两个 headers 时,我在 Chrome 控制台中收到以下错误:

Refused to set unsafe header "Access-Control-Request-Headers"
Refused to set unsafe header "Access-Control-Request-Method"

最后,服务器(通常配置为接受 cross-domain 请求),当我使用 Angular 尝试 DELETE 请求时,发送以下响应(状态为 200 和方法使用 OPTIONS):

Access-Control-Allow-Headers:*
Access-Control-Allow-Methods:*
Access-Control-Allow-Origin:*
Allow:PUT,DELETE
Cache-Control:private, must-revalidate
Connection:close
Content-Length:0
Content-Type:text/html; charset=UTF-8
Date:Thu, 12 Feb 2015 12:08:47 GMT
ETag:"d41d8cd98f00b204e9800998ecf8427e"
Server:Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/0.9.8o DAV/2 PHP/5.5.20

但我收到错误:

XMLHttpRequest cannot load [URL]. Method DELETE is not allowed by Access-Control-Allow-Methods.

我怀疑前两个 headers 是问题的原因。它们是问题所在吗?如果是,我该如何删除它们?


如果有帮助,我尝试配置我的 $httpProvider(如在其他 questions/answers 中所见),它目前看起来像这样:

delete $httpProvider.defaults.headers.common['X-Requested-With'];
delete $httpProvider.defaults.headers.common['Access-Control-Request-Method'];
delete $httpProvider.defaults.headers.common['Access-Control-Request-Headers'];
$httpProvider.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded;charset=utf-8';

你的服务器应该设置 Access-Control-Allow-Methods header 来响应而不是像 Allow header :

Access-Control-Allow-Methods:PUT,DELETE