Access to XMLHttpRequest at 'url' from origin 'null' has been blocked by CORS policy: Request header

最新推荐文章于 2025-03-13 16:32:22 发布
最新推荐文章于 2025-03-13 16:32:22 发布
阅读量10w+ 收藏 48
点赞数 23
分类专栏: html 文章标签: 跨域 ajax
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/zhangcc233/article/details/86627384
版权

Access to XMLHttpRequest at 'url' from origin 'null' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.


当跨域请求接口时可能会发生以下错误:
在这里插入图片描述
问题描述:Access to XMLHttpRequest at ‘url’ from origin ‘null’ has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.

具体原因:Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response

预运行响应中的访问控制允许头不允许请求头字段内容类型,也就是我们的请求head中包含了不允许的字段内容。

原因:
包含自定义header字段的跨域请求,浏览器会先向服务器发送OPTIONS请求,探测该服务器是否允许自定义的跨域字段。如果允许,则继续实际的POST/GET正常请求,否则,返回标题所示错误。
看看请求:
在这里插入图片描述
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

找到了!Access-Control-Request-Headers: content-type 中包含了content-type这个字段。

找到了不包含的字段,那么只需要在系统的过滤器(filter)中设置响应头包含该字段即可。
解决:

    @Override
	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) servletRequest;
		HttpServletResponse response = (HttpServletResponse) servletResponse;
		//跨域请求,*代表允许全部类型
		response.setHeader("Access-Control-Allow-Origin", "*");
		//允许请求方式
		response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
		//用来指定本次预检请求的有效期,单位为秒,在此期间不用发出另一条预检请求
		response.setHeader("Access-Control-Max-Age", "3600");
		//请求包含的字段内容,如有多个可用哪个逗号分隔如下
		response.setHeader("Access-Control-Allow-Headers", "content-type,x-requested-with,Authorization, x-ui-request,lang");
		//访问控制允许凭据,true为允许
		response.setHeader("Access-Control-Allow-Credentials", "true");
		// 浏览器是会先发一次options请求,如果请求通过,则继续发送正式的post请求
        // 配置options的请求返回
		if (request.getMethod().equals("OPTIONS")) {
			response.setStatus(HttpStatus.SC_OK);
			response.getWriter().write("OPTIONS returns OK");
			return;
		}
		// 传递业务请求处理
		chain.doFilter(servletRequest, servletResponse);
	}

以上便是解决跨域请求不包含字段内容情况,如其他情况出现,可照以上思路解决。

【Vue-SpringBug已解决】has been blocked by CORS policy: The value of the······
一键难忘的博客
04-12 2423
这个报错提示是因为在请求中,请求头中设置了 withCredentials 参数为 true,表示请求需要使用凭证(如 cookies、HTTP 认证等)。而在响应头中,Access-Control-Allow-Origin 的值不能是通配符 *,必须是具体的名。另外,如果你在发送请求时需要携带 cookies 或其他凭证,还需要在请求头中设置 withCredentials 参数为 true。如果需要全局配置支持,应该使用上一条回答中提到的方式,在配置类中设置。
CORS error错误 has been blocked by CORS policy前端请求浏览器出错
m0_67265464的博客
03-03 1万+
问题简述 通过vue的axious拦截全局请求在请求头上加了identify和token字段后,访问后端zuul网关,浏览器出现错误,导致后台接收不了http包的自定义header字段,并不能很好的进行网关的鉴权。 错误如下: Access to XMLHttpRequest at ‘http://127.0.0.1:27000/api/v1/index-infos’ from origin ‘http://’ has been blocked by CORS policy: Request header
CROS 预检请求 异常解决方法 authorization is not allowed by Access-Control-Allow-Headers in preflight response
Tekin 是深耕技术 20 年的全栈实战派专家,精通 Go/Python/Java 等多语言开发。博客专注技术原理与实战结合,深度解析 Python 高阶编程、Go 语言架构、数据库优化等硬核内容。涵盖并发编程、机器学习、云原生等前沿领域,通过真实案例拆
05-30 675
CROS 预检请求 异常解决方法 has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
Access to XMLHttpRequest at ‘http:xxx‘ from origin ‘null‘ has been blocked by CORS policy: No ‘Acces
Saehun1994的博客
07-02 1960
具体来说,错误中提到的“Access to XMLHttpRequest at 'http:xxx' from origin 'null' has been blocked by CORS policy”意味着从“null”这个源(通常是因为你的代码是在本地文件系统中直接打开而不是通过服务器运行的)向“http:xxx”这个地址发送请求时被CORS策略阻止了。头部,你可以将其设置为你的前端服务器的URL(如果你希望只允许来自该URL的请求)或。(允许来自任何源的请求,但出于安全考虑,通常不推荐)。
解决问题:Access to XMLHttpRequest at ‘http://localhost:8080/xxx‘ No ‘Access-Control-Allow-Origin‘ head
最新发布
weixin_59997843的博客
03-13 2098
提供了简洁的注解驱动方式解决问题,适用于快速开发场景。对于企业级应用,建议通过全局配置统一管理规则,兼顾安全性和可维护性。通过合理配置来源、方法和头信息,既能保障接口的开放性,又能有效防范潜在的安全风险。最近,华为云与硅基流动联合推出了一款强大的 AI 模型——满血版 DeepSeek R1。这款模型不仅性能强大,更重要的是,注册即送 2000 万 Token!对于开发者、研究人员和 AI 爱好者来说,这无疑是一个巨大的福利。那么,2000 万 Token 到底是什么概念?点击这里注册。
import/export实验-from origin ‘null‘ has been blocked by CORS policy:
xie__jin__cheng的博客
10-11 5410
1.问题 Access to script at 'file:///D:/java/tomcat8-ac/webapps/web1/imt.js' 访问'file:///D:/java/tomcat8-ac/webapps/web1/imt.js' from origin 'null' has been blocked by CORS policy: 从原点“null”已被CORS策略阻止: Cross origin requests are only supported for protoc.
from origin ‘null‘ has been blocked by CORS policy: Request header field token is not allowed by Acc
qq_40886696的博客
09-03 9030
from origin ‘null’ has been blocked by CORS policy: Request header field token is not allowed by Access-Control-Allow-Headers in preflight response. 遇到这种类似的问题一般都是请求问题,后端可以这样设置返回请求头 然后就可以请求成功了,因为携带token请求头,所以需要 response.setHeader("Access-Control-Allow-H
from origin ‘null‘ has been blocked by CORS policy: Cross origin requests are only supported for ...
Dawnchen1的博客
05-27 1万+
源资源请求问题解决方案 问题描述:当我们在vsCode中使用 open in brower插件打开html文件文件时,就会报错 xxx已被CORS策略阻止,引入的资源还会失效。 解决办法1 :Live Server插件 在vsCode的插件市场中搜索并安装Live Server插件: 安装好后,右键要打开的文件,就会出现“Open with Live Serve”选项,这样打开文件就不会报错了: 解决办法2:anywhere 在vsCode控制台或者cmd中安装npm install anywhe
解决问题(从浏览器读取本地文件)from origin ‘null‘ has been blocked by CORS policy
m0_62172798的博客
04-26 8386
在学习d3.js的过程中,通过d3.csv()读取本地csv文件的过程中出现了错误,错误如下:Access to fetch at 'file:///D:/%E5%AD%A6%E4%B9%A0%E8%B5%84%E6%96%99%EF%BC%88%E7%A1%95%EF%BC%89/htmlcssjsvue/code/d3.js/data222.csv' from origin 'null' has been blocked by CORS policy: Cross origin requests a
vue用axios进行token请求出现has been blocked by CORS policy: No ‘Access-Control-Allow-Originheader的解决方案
FHlang的博客
04-16 4345
遇到的问题 Access to XMLHttpRequest at ‘http://localhost:8081/order/no’ from origin ‘http://localhost:8080’ has been blocked by CORS policy: No ‘Access-Control-Allow-Originheader is present on the requested resource. 翻译:通过CORS策略已阻止从源"http:// localhost:8080"
xmlHttpRequest from origin has been blocked by CORS policy: Response preflight
08-16
- *1* [has been blocked by CORS policy: Response to preflight request doesn‘t pass access control check](https://blog.youkuaiyun.com/csdn_avatar_2019/article/details/126538547)[target="_blank" data-report-...
前端主流解决方案(Access to XMLHttpRequest at ‘http..’ from origin ‘null‘ has been blocked by CORS policy
weixin_43239880的博客
04-06 3万+
前端主流解决方案(Access to XMLHttpRequest at ‘http..’ from origin ‘null‘ has been blocked by CORS policy
Access to XMLHttpRequest at ‘url‘ from origin ‘null‘ has been blocked by CORS policy: Request header
wejack的专栏
03-23 413
https://blog.youkuaiyun.com/zhangcc233/article/details/86627384
前端项目启动报错:from origin ‘null‘ has beenblocked by CORS policy: Cross origin requests are only supported
2201_75568521的博客
08-25 4173
把本地图片地址转成http//https 网址再用项目就可以启动不会报错啦。
Access to XMLHttpRequest at from origin 'null' has been blocked by CORS policy:
eadela的博客
04-19 2986
Access to XMLHttpRequest at 'file:///F:/vue/vue20200414/%E5%BD%92%E6%A1%A3/%E5%BD%92%E6%A1%A3/04%20day_vue/axios2.html' from origin 'null' has been blocked by CORS policy: Cross origin requests are on...
报错 | from origin ‘null‘ has been blocked by CORS policy
A123ppleQueen的博客
05-24 4798
遇见原因:就是用vs做一个es6的模块化示列,看了下翻译,估计是因为协议不同 解决办法:用vs的插件 Live server运行它,不用浏览器
引用import的JS报错:Access to script at 'file:' from origin 'null' has been blocked by CORS policy(3种解决手段)
xiao廸要飞
05-12 4万+
直接引用带有import关键字的JS脚本会报错:Access to script at ‘file:from origin ‘null’ has been blocked by CORS policy index.html <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=devic
from origin ‘null‘ has been blocked by CORS policy: Cross origin requests are only supported for pr
qq_51660806的博客
07-18 4814
解决办法: 右键----Open in Live Server (必须以服务器的形式打开);在加载JS模块的时候,报错!
origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present
热门推荐
mcfeng blog
09-16 6万+
aa
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值