如果我伪造来自 Postman 的 OPTIONS 预检 CORS 请求,我不会从我的 API 返回 CORS header 。
最佳答案
在对 Microsoft.Owin.Cors 库进行完全逆向工程后,我发现 header 不在请求中!
这让我从 Postman 文档中发现了这个美丽的地方:
Restricted headers and cookies
Unfortunately some headers are restricted by Chrome and the XMLHttpRequest specification. The following headers are blocked:
Accept-Charset Accept-Encoding Access-Control-Request-Headers Access-Control-Request-Method Connection Content-Length Cookie Cookie 2 Content-Transfer-Encoding Date Expect Host Keep-Alive Origin Referer TE Trailer Transfer-Encoding Upgrade User-Agent Via
https://www.getpostman.com/docs/requests
啊啊啊。那是我生命中再也回不去的一天。
关于rest - CORS - 从 Postman 伪造 CORS 预检无法返回 header ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34931193/