发表新帖
发表新帖

GET request with Basic Auth working from Postman but not from the browser

前端 未结
关注
3 1383
眼角桃花
眼角桃花 2021-01-05 23:44

I\'m working with an odata api, and when I\'m using postman to do a GET request, works perfect and I get the response as I was expecting.

But when I use a fetch req

相关标签:
3条回答
  • -上瘾入骨i
    2021-01-06 00:16

    You are experiencing a CORS issue, in order to get past it you need to enable CORS on your backend.

    0 讨论(0)
  • 无人共我
    2021-01-06 00:33

    This is most likely because Postman is probably not sending a preflight Options request before your GET, and upon receipt of the GET response doesn't perform any kind of cors check (since it wouldn't really make sense to anyway).

    On the other hand, when running code from your webpage Chrome is both performing a preflight Options in order to ascertain what cross-domain request parameters it's allowed to send to the remote server and checking if the response to the Options req has the appropriate Access-Control-Allow-Origin header on to authorise your origin (i.e. the domain of the page you're making the request from).

    Typically, a preflight Options is sent to the server by a browser to ask the server if it's allowed to perform the operation it's about to perform - in your case, a GET. If the remote (cross-domain) server doesn't respond to the prelight Options request with the correct headers in the response authorising your GET then the browser won't send one. You're not even getting that far however, since the response to your Options request doesn't even itself pass a cors origin check.

    If you control the server, you need to respond to the Options request by setting the Access-Control-Allow-Origin header on the response to include the origin of your request page, and also to set the Access-Control-Allow-Methods to include GET (and probably OPTIONS). If you don't control the remote server, it's likely any normal api service such as the one you're trying to hit has some configuration in their backend you can set somewhere to authorise your origin.

    You can read up more on cors behaviour here

    0 讨论(0)
  • 盖世英雄少女心
    2021-01-06 00:33

    Ideal way is to allow at your server to allow calls from different domain, but if you don't have access to back-end, and testing services, you can install this chrome plugin to bypass pre-flight requests. cors chrome extension

    0 讨论(0)
 看不清?
提交回复
热议问题