javascript - 对预检请求的响应未通过访问控制检查(Response to preflight request doesn't pass access control check)

Question

I'm getting this error using ngResource to call a REST API on Amazon Web Services:

(我在使用ngResource调用Amazon Web Services上的REST API时遇到此错误：)

XMLHttpRequest cannot load http://server.apiurl.com:8000/s/login?login=facebook .

(XMLHttpRequest无法加载http://server.apiurl.com:8000/s/login?login=facebook 。)

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

(对预检请求的响应未通过访问控制检查：请求的资源上不存在“ Access-Control-Allow-Origin”标头。)

Origin ' http://localhost ' is therefore not allowed access.

(因此，不允许访问源“ http：// localhost ”。)

Error 405

(错误405)

Service:

(服务：)

socialMarkt.factory('loginService', ['$resource', function($resource){    
    var apiAddress = "http://server.apiurl.com:8000/s/login/";
    return $resource(apiAddress, { login:"facebook", access_token: "@access_token" ,facebook_id: "@facebook_id" }, {
                getUser: {method:'POST'}
            });
}]);

Controller:

(控制器：)

[...]
loginService.getUser(JSON.stringify(fbObj)),
                function(data){
                    console.log(data);
                },
                function(result) {
                    console.error('Error', result.status);
                }
[...]

I'm using Chrome, and I dont know what else to do in order to fix this problem.

(我正在使用Chrome，但我不知道该怎么做才能解决此问题。)

I've even configured the server to accept headers from origin localhost .

(我什至将服务器配置为接受源localhost标头。)

  ask by Andre Mendes translate from so

Answer 1

You are running into CORS issues.

(您遇到了CORS问题。)

There are several ways to fix/workaround this.

(有几种方法可以解决此问题。)

1. Turn off CORS.

   (关闭CORS。)

   For example: how to turn off cors in chrome

   (例如： 如何关闭Chrome中的cors)

2. Use a plugin for your browser

   (使用浏览器插件)

3. Use a proxy such as nginx.

   (使用代理，例如nginx。)

   example of how to set up

   (如何设置的例子)

More verbosely, you are trying to access api.serverurl.com from localhost.

(更详细地说，您正在尝试从本地主机访问api.serverurl.com。)

This is the exact definition of cross domain request.

(这是跨域请求的确切定义。)

By either turning it off just to get your work done (OK, put poor security for you if you visit other sites and just kicks the can down the road) you can use a proxy which makes your browser think all requests come from local host when really you have local server that then calls the remote server.

(通过关闭它来完成您的工作（好吧，如果您访问其他站点并给您带来安全隐患，那么您可以使用代理）使您的浏览器认为所有请求都来自本地主机。确实，您有本地服务器，然后再调用远程服务器。)

so api.serverurl.com might become localhost:8000/api and your local nginx or other proxy will send to the correct destination.

(因此api.serverurl.com可能会变为localhost：8000 / api，并且您的本地nginx或其他代理将发送到正确的目的地。)

---

Now by popular demand, 100% more CORS info ....same great taste!

(现在，由于受欢迎的需求， CORS信息增加了100％ 。)

---

And for the downvoters.... bypassing CORS is exactly what is shown for those simply learning the front end.

(对于不愿花钱的人……绕过CORS正是那些仅仅学习前端的人所看到的。)

https://codecraft.tv/courses/angular/http/http-with-promises/

(https://codecraft.tv/courses/angular/http/http-with-promises/)