小贝子编程

c-我用cURL正确模拟CORS吗?我需要实现OPTIONS请求吗



我不太擅长web服务器的开发,也不太了解http头是如何工作的。我读了不少书,但还是有点困惑。目前我正在尝试用cURL模拟CORS请求。(个人发展需要它)。为此,我找到了一个用C编写的简单REST服务器(C是我最熟悉的语言)。代码实际上位于此处。我发现这篇文章解释了如何模拟CORS。

问题是:

如果我运行

curl -H "Origin: http://localhost:3000" 
-H "Access-Control-Request-Method: POST" 
-H "Access-Control-Request-Headers: X-Requested-With" 
-X OPTIONS --verbose 
http://localhost:8537/test

请求失败,出现以下响应

*   Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8537 failed: Connection refused
*   Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8537 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8537 (#0)
> OPTIONS /test HTTP/1.1
> Host: localhost:8537
> User-Agent: curl/7.61.1
> Accept: */*
> Origin: http://localhost:3000
> Access-Control-Request-Method: POST
> Access-Control-Request-Headers: X-Request-With
>
< HTTP/1.1 404 Not Found
< Connection: Keep-Alive
< Content-Length: 32
< Access-Control-Allow-Origin: *
< Date: Sat, 12 Jan 2019 02:21:59 GMT
<
* Connection #0 to host localhost left intact
Page not found, do what you want

但是,如果我用-X POST而不是-X OPTIONS运行相同的请求,即

curl -H "Origin: http://localhost:3000" 
-H "Access-Control-Request-Method: POST" 
-H "Access-Control-Request-Headers: X-Requested-With" 
-X POST --verbose 
http://localhost:8537/test

请求成功并得到以下响应:

*   Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8537 failed: Connection refused
*   Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8537 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8537 (#0)
> POST /test HTTP/1.1
> Host: localhost:8537
> User-Agent: curl/7.61.1
> Accept: */*
> Origin: http://localhost:3000
> Access-Control-Request-Method: POST
> Access-Control-Request-Headers: X-Request-With
>
< HTTP/1.1 200 OK
< Connection: Keep-Alive
< Content-Length: 19
< Access-Control-Allow-Origin: *
< Date: Sat, 12 Jan 2019 02:25:28 GMT
<
Hello World!
* Connection #0 to host localhost left intact
(null)

如果执行,我会得到相同的结果

curl -H "Origin: http://localhost:3000" -X OPTIONS --verbose http://localhost:8537/test


curl -H "Origin: http://localhost:3000" -X POST --verbose http://localhost:8537/test

即请求以OPTIONS请求失败并且以POST请求成功。

代码确实允许CORS(至少我认为是这样)。这是的代码行

u_map_put(instance.default_headers, "Access-Control-Allow-Origin", "*");

以下是问题:

  1. 要模拟CORS,我需要使用OPTIONS请求还是POST请求
  2. 如果我要编写一个类似于示例中的服务器,我是否需要实现OPTIONS响应,或者我可以使用POST/get

在CORS中,OPTIONS用于飞行前请求。如果您只发出"简单"的CORS请求,则不一定需要处理OPTIONS请求。

您可以在这里阅读简单CORS请求的定义。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium