使用navigation.sendBeacon发送应用程序/ json数据,预检成功但不能发布
我有使用sendBeacon发布数据到服务器的问题。
它工作在铬(因为Chrome似乎跳过预检),但在Firefox中预检(OPTIONS)与请求标头一起发送:
Host: example.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:53.0) Gecko/20100101 Firefox/53.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: http://example.com Connection: keep-alive 而来自服务器的响应是200:
Date: Tue, 23 May 2017 15:53:56 GMT Content-Type: text/html; charset=utf-8 Set-Cookie: __cfduid=df2864c1da991df4abc28d3e73db7ab8f1495554836;expires=Wed, 23-May-18 15:53:56 GMT; path=/; domain=.medialaben.no;HttpOnly X-Powered-By: Express Access-Control-Allow-Origin: * access-control-allow-credentials: true access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-headers: content-type,Authorization,Origin,Connection,Accept Allow: POST Server: cloudflare-nginx cf-ray: 363930e0688e3cfb-CPH Content-Encoding: gzip X-Firefox-Spdy: h2
客户端代码:
let inscreenCollection = [someObject, someObject2] let headers = { type: "application/json" }; let blob = new Blob([JSON.stringify(inscreenCollection)], headers); navigator.sendBeacon(URL, blob);
服务器使用npm的CORS包:
const corsOptions = { optionsSuccessStatus: 200, credentials: true, allowedHeaders: 'Content-Type', preflightContinue: true, } app.options('/a/', cors(corsOptions)); app.post('/a/', cors(corsOptions), (req, res) => { // do stuff });
编辑:错误消息是Credential is not supported if the CORS header 'Access-Control-Allow-Origin' is '*').
任何人都知道这个问题可能在这里?
信标确实在某些情况下发送证书,所以你要避免这些情况或避免使用来源*。
由sendBeacon发起的请求受以下属性的限制:
如果有效载荷是application / x-www-form-urlencoded,multipart / form-data或text / plain之一,则请求是一个简单的请求,不需要额外的CORS预检; 和脚本化的form-post或者XHR / fetch一样。
否则,如果有效载荷是一个Blob,并且得到的Content-Type不是一个简单的头,那么CORS预检就会产生,服务器需要通过返回适当的CORS头集( Access-Control-Allow- Access-Control-Allow-Header,Access-Control-Allow-Headers); 和XHR / fetch一样。