我不太擅长web服务器的开发,也不太了解http头是如何工作的。我读了不少书,但还是有点困惑。目前我正在尝试用cURL模拟CORS请求。(个人发展需要它)。为此,我找到了一个用C编写的简单REST服务器(C是我最熟悉的语言)。代码实际上位于此处。我发现这篇文章解释了如何模拟CORS。
问题是:
如果我运行
curl -H "Origin: http://localhost:3000"
-H "Access-Control-Request-Method: POST"
-H "Access-Control-Request-Headers: X-Requested-With"
-X OPTIONS --verbose
http://localhost:8537/test
请求失败,出现以下响应
* Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8537 failed: Connection refused
* Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8537 failed: Connection refused
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8537 (#0)
> OPTIONS /test HTTP/1.1
> Host: localhost:8537
> User-Agent: curl/7.61.1
> Accept: */*
> Origin: http://localhost:3000
> Access-Control-Request-Method: POST
> Access-Control-Request-Headers: X-Request-With
>
< HTTP/1.1 404 Not Found
< Connection: Keep-Alive
< Content-Length: 32
< Access-Control-Allow-Origin: *
< Date: Sat, 12 Jan 2019 02:21:59 GMT
<
* Connection #0 to host localhost left intact
Page not found, do what you want
但是,如果我用-X POST
而不是-X OPTIONS
运行相同的请求,即
curl -H "Origin: http://localhost:3000"
-H "Access-Control-Request-Method: POST"
-H "Access-Control-Request-Headers: X-Requested-With"
-X POST --verbose
http://localhost:8537/test
请求成功并得到以下响应:
* Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8537 failed: Connection refused
* Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8537 failed: Connection refused
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8537 (#0)
> POST /test HTTP/1.1
> Host: localhost:8537
> User-Agent: curl/7.61.1
> Accept: */*
> Origin: http://localhost:3000
> Access-Control-Request-Method: POST
> Access-Control-Request-Headers: X-Request-With
>
< HTTP/1.1 200 OK
< Connection: Keep-Alive
< Content-Length: 19
< Access-Control-Allow-Origin: *
< Date: Sat, 12 Jan 2019 02:25:28 GMT
<
Hello World!
* Connection #0 to host localhost left intact
(null)
如果执行,我会得到相同的结果
curl -H "Origin: http://localhost:3000" -X OPTIONS --verbose http://localhost:8537/test
和
curl -H "Origin: http://localhost:3000" -X POST --verbose http://localhost:8537/test
即请求以OPTIONS请求失败并且以POST请求成功。
代码确实允许CORS(至少我认为是这样)。这是的代码行
u_map_put(instance.default_headers, "Access-Control-Allow-Origin", "*");
以下是问题:
- 要模拟CORS,我需要使用OPTIONS请求还是POST请求
- 如果我要编写一个类似于示例中的服务器,我是否需要实现OPTIONS响应,或者我可以使用POST/get
在CORS中,OPTIONS
用于飞行前请求。如果您只发出"简单"的CORS请求,则不一定需要处理OPTIONS
请求。
您可以在这里阅读简单CORS请求的定义。