1. 技术文章
  2. How to resolve 'preflight is invalid (redirect)' or 'redirect is not allowed for a preflight request'

How to resolve 'preflight is invalid (redirect)' or 'redirect is not allowed for a preflight request'

拟墨画扇 提交于 2019-11-26 03:31:17

问题


I have followed this step to setup my server to enable CORS. https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api

But now in my browser dev console, I see this error message:

XMLHttpRequest cannot load https://serveraddress/abc. Response for preflight is invalid (redirect)

Do you know what can I do to fix it? I am making a CORS request in HTTPS. I think that is causing the \'preflight is invalid (redirect)\' failure. But I don\'t know why or what is redirecting the OPTIONS request.

Thank you.


回答1:


Your code is triggering your browser to send a CORS preflight OPTIONS request, and the server’s responding with a 3xx redirect. It needs to respond with a 2xx success message instead.

You may be able to adjust your code to avoid triggering the browser to send the OPTIONS request.

As far as what all’s going on in this case, it’s important to know that browsers do a CORS preflight if:

  • the request method is anything other than GET, HEAD, or POST
  • you’ve set custom request headers other than Accept, Accept-Language, Content-Language, Content-Type, DPR, Downlink, Save-Data, Viewport-Width, or Width
  • the Content-Type request header has a value other than application/x-www-form-urlencoded, multipart/form-data, or text/plain

If you can’t change your code to avoid need for browsers to do a preflight, then another option is:

  1. Examine the URL in the Location response header in the response to the OPTIONS request.
  2. Change your code to make the request to that other URL directly instead.

The difference between the URLs might be something as simple as a trailing slash in the path — for example, you may need to change the URL in your code to http://localhost/api/auth/login/ (notice the trailing slash) rather than http://localhost/api/auth/login (no trailing slash).

You can use the Network pane in browser devtools to examine the response to the OPTIONS request and to find the redirect URL in the value of the Location response header.




回答2:


this happens sometimes when you try calling an https service as http

for example when u perform a request on 'http://example.com/api/v2/tickets' 
which should be 'https://example.com/api/v2/tickets'


来源:https://stackoverflow.com/questions/42168773/how-to-resolve-preflight-is-invalid-redirect-or-redirect-is-not-allowed-for

标签
cors
preflight
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!