Answers
但是postman还是无效的,应该是是插件问题或者?
postman是基于浏览器的插件,发出的请求都是通过调用
ajax/xmlhttprequest
的方式,必然受到浏览器的安全限制:
- 首先 XMLHttpRequest 出于安全考虑是不支持跨域的, 这一点postman已经向浏览器声明了需要跨域的权限
- 其次,部分header同样由于安全原因,是无法在浏览器中set的,受制于浏览器的用户特性
具体哪些header不能set,要看
XMLHttpRequest.js
的源码实现
var forbiddenRequestHeaders = [
"accept-charset",
"accept-encoding",
"access-control-request-headers",
"access-control-request-method",
"connection",
"content-length",
"content-transfer-encoding",
"cookie",
"cookie2",
"date",
"expect",
"host",
"keep-alive",
"origin",
"referer",
"te",
"trailer",
"transfer-encoding",
"upgrade",
"via" ];
nueby
answered 10 years, 3 months ago