如果请求 same-origin 但不遵循 header 准则,是否会触发预检请求?
Will a preflight request be triggered if the request is same-origin but does not follow the header guidelines?
发件人:https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests
The following is an example of a request that will be preflighted:
const xhr = new XMLHttpRequest();
xhr.open('POST', 'https://bar.other/resources/post-here/');
xhr.setRequestHeader('X-PINGOTHER', 'pingpong');
xhr.setRequestHeader('Content-Type', 'application/xml');
xhr.onreadystatechange = handler;
xhr.send('<person><name>Arun</name></person>');
The example above creates an XML body to send with the POST request.
Also, a non-standard HTTP X-PINGOTHER request header is set. Such
headers are not part of HTTP/1.1, but are generally useful to web
applications. Since the request uses a Content-Type of
application/xml, and since a custom header is set, this request is
preflighted.
如果请求 same-origin 但不遵循 header 准则,是否会触发预检请求?
不,预检请求仅针对跨站点请求。如果您查看 MDN 文章的开头,有一张图片明确表示“同源请求(始终允许)”作为示例。
如果 运行 SO 在黑暗模式下,下图不是很明显,如果是,请查看下面 url 文章中的图像。
发件人:https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests
The following is an example of a request that will be preflighted:
const xhr = new XMLHttpRequest(); xhr.open('POST', 'https://bar.other/resources/post-here/'); xhr.setRequestHeader('X-PINGOTHER', 'pingpong'); xhr.setRequestHeader('Content-Type', 'application/xml'); xhr.onreadystatechange = handler; xhr.send('<person><name>Arun</name></person>');The example above creates an XML body to send with the
POSTrequest. Also, a non-standard HTTPX-PINGOTHERrequest header is set. Such headers are not part of HTTP/1.1, but are generally useful to web applications. Since the request uses aContent-Typeofapplication/xml, and since a custom header is set, this request is preflighted.
如果请求 same-origin 但不遵循 header 准则,是否会触发预检请求?
不,预检请求仅针对跨站点请求。如果您查看 MDN 文章的开头,有一张图片明确表示“同源请求(始终允许)”作为示例。
如果 运行 SO 在黑暗模式下,下图不是很明显,如果是,请查看下面 url 文章中的图像。