我目前正在另一个域上的 Restful API 上尝试使用 Angular ngResource
进行DELETE
类型的请求。 GET
和PUT
工作正常。 DELETE
适用于高级休息客户端Chrome扩展程序,但在尝试使用Angular $resource
时不起作用。
我注意到发送的标头有所不同,它们是这两个:
Access-Control-Request-Headers:accept
Access-Control-Request-Method:DELETE
当我尝试在高级 Rest 客户端中添加这两个标头时,我在 Chrome 控制台中收到以下错误:
Refused to set unsafe header "Access-Control-Request-Headers"
Refused to set unsafe header "Access-Control-Request-Method"
最后,当我使用 Angular 尝试DELETE
请求时,服务器(通常配置为接受跨域请求(发送以下响应(状态200
和方法使用OPTIONS
(:
Access-Control-Allow-Headers:*
Access-Control-Allow-Methods:*
Access-Control-Allow-Origin:*
Allow:PUT,DELETE
Cache-Control:private, must-revalidate
Connection:close
Content-Length:0
Content-Type:text/html; charset=UTF-8
Date:Thu, 12 Feb 2015 12:08:47 GMT
ETag:"d41d8cd98f00b204e9800998ecf8427e"
Server:Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/0.9.8o DAV/2 PHP/5.5.20
但是我得到错误:
XMLHttpRequest cannot load [URL]. Method DELETE is not allowed by Access-Control-Allow-Methods.
我怀疑第一个提到的两个标题是问题的原因。它们是问题所在吗,如果是,我该如何删除它们?
如果它有帮助,我尝试配置我的$httpProvider
(如其他问题/答案所示(,目前如下所示:
delete $httpProvider.defaults.headers.common['X-Requested-With'];
delete $httpProvider.defaults.headers.common['Access-Control-Request-Method'];
delete $httpProvider.defaults.headers.common['Access-Control-Request-Headers'];
$httpProvider.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded;charset=utf-8';
您的服务器应该为响应设置 Access-Control-Allow-Methods 标头,而不是 Allow 标头,如下所示:
Access-Control-Allow-Methods:PUT,DELETE