消息是明确的，“授权”是不允许在API。集 Access-Control-Allow-Headers: "Content-Type, Authorization"

消息是明确的，“授权”是不允许在API。集 Access-Control-Allow-Headers: "Content-Type, Authorization"

这个问题用

 "Origin, X-Requested-With, Content-Type, Accept, Authorization"

特别是在我的项目(express.js/nodejs)

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
  next();
});

更新:

每次错误:Access-Control-Allow-Headers本身在preflight响应错误中是不允许的，你可以看到chrome开发工具出了什么问题:

上面的错误是缺少Content-Type，所以添加字符串Content-Type到Access-Control-Allow-Headers

如果你正在配置AWS API网关(例如，它正在从React AWS Amplify应用程序发送请求)，解决方案是附加字符串

Access-Control-Allow-Methods、Access-Control-Allow-Headers Access-Control-Allow-Origin

在启用CORS对话框fpr给定端点&方法中的Access-Control-Allow-Headers字段:

.．.然后部署API:

确保你从客户端需要的所有头信息都传递给Access-Control-Allow-Headers，否则你会一直遇到CORS问题。在这种情况下，这将是'x-api-key'，否则你会一直遇到cors问题

const options = {
  method: "GET",
  headers: new Headers({
    "X-API-Key": "ds67GHjkshjh00ZZhhsskhjgasHJHJHJ&87",
  }),
};

response.setHeader(
    "Access-Control-Allow-Headers", 
    "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, x-api-key");

再补充一点，你也可以把这些头文件放到Webpack配置文件中。我需要他们在我的情况下，因为我正在运行webpack开发服务器。

devServer: {
    headers: {
      "Access-Control-Allow-Origin": "*",
      "Access-Control-Allow-Credentials": "true",
      "Access-Control-Allow-Methods": "GET,HEAD,OPTIONS,POST,PUT",
      "Access-Control-Allow-Headers": "Origin, X-Requested-With, Content-Type, Accept, Authorization"
    }
},