发表新帖
发表新帖

Request header field X-CSRF-TOKEN is not allowed by Access-Control-Allow-Headers

后端 未结
关注
2 582
有刺的猬
有刺的猬 2021-01-18 11:48

I\'m making a get request to embed.rock using vue and axios.

axios({
  method: \'get\',
  url: \'https://api.embed.rocks/api?url=\' + this.url,
  headers: {
2条回答
  • 余生分开走
    余生分开走 (楼主)
    2021-01-18 12:14

    Laravel is setting a global configuration to include automatically the X-CSRF-TOKEN in the headers of the request in your bootstrap.js file.

    let token = document.head.querySelector('meta[name="csrf-token"]');
if (token) {
    window.axios.defaults.headers.common['X-CSRF-TOKEN'] = token.content;
} else {
    console.error('CSRF token not found: https://laravel.com/docs/csrf#csrf-x-csrf-token');
}

    Therefore, if you want to remove the token, you can achieve it like this:

    var instance = axios.create();
delete instance.defaults.headers.common['X-CSRF-TOKEN'];

instance({
    method: 'get',
    url: 'https://api.embed.rocks/api?url=' + this.url,
    headers: {
        'x-api-key': 'my-key'
    }
});

    0 讨论(0)
 看不清?
提交回复
热议问题