Come to popular science first:
Content-Type type:
Common media format types are as follows:
text/html : HTML格式
text/plain :纯文本格式
text/xml : XML格式
image/gif :gif图片格式
image/jpeg :jpg图片格式
image/png:png图片格式
Media format types starting with application:
application/xhtml+xml :XHTML格式
application/xml: XML数据格式
application/atom+xml :Atom XML聚合格式
application/json: JSON数据格式
application/pdf:pdf格式
application/msword : Word文档格式
application/octet-stream : 二进制流数据(如常见的文件下载)
application/x-www-form-urlencoded : <form encType=””>中默认的encType,form表单数据被编码为key/value格式发送到服务器(表单默认的提交数据的格式)
upload files
multipart/form-data : 需要在表单中进行文件上传时,就需要使用该格式
Ordinary post submissions can be obtained by using $_POST['xxx'] in php, and the content-type at this time: application/x-www-form-urlencoded
If the front-end content-type=application/jsoncannot $_POST['xxx']receive the input parameters of the post,
if you want to receive information at this time, you need to use file_get_contents("php://input")
After obtaining the information,json_decode($post,true);
Another problem:
At this time, it is found that each time the interface is refreshed, there are two requests. The first time is the POSTsecond time. OPTION
The reason for the option request is that a complex request is generated.
2.1 What is OPTIONS request?
CORS MDN describes it like this
The cross-origin resource sharing standard adds a new set of HTTP header fields, allowing the server to declare which origin sites have permission to access which resources through the browser. In addition, the specification requires that for those HTTP request methods that may have side effects on server data (especially HTTP requests other than GET, or POST requests with certain MIME types), the browser must first use the OPTIONS method to initiate a preflight request ( preflight request), so as to know whether the server allows the cross-domain request. After the server confirms the permission, the actual HTTP request is initiated. In the return of the preflight request, the server can also notify the client whether to carry identity credentials (including Cookies and HTTP authentication related data).
The OPTIONS request is a preflight request, which can be used to detect the http methods allowed by the server. When a cross-domain request is initiated, due to security reasons, when certain conditions are triggered, the browser will automatically initiate an OPTIONS request before the formal request, that is, a CORS pre-check request. If the server accepts the cross-domain request, the browser will continue to initiate the formal request.
2.2 Which requests will send options request?
Here we will talk about the classification of requests: simple requests and preflight requests.
Simple request: meet the following conditions (daily development basically only pays attention to the first two)
使用GET、POST、HEAD其中一种方法
只使用了如下的安全首部字段,不得人为设置其他首部字段
Accept
Accept-Language
Content-Language
Content-Type 仅限以下三种:
text/plain
multipart/form-data
application/x-www-form-urlencoded
HTML header header field:
any XMLHttpRequestUpload object in the DPR, Download, Save-Data, Viewport-Width, WIdth request does not register any event listener; the XMLHttpRequestUpload object can be accessed using the XMLHttpRequest.upload attribute.
The ReadableStream object is not used in the request
Preflight request: meet the following conditions
1.使用了PUT、DELETE、CONNECT、OPTIONS、TRACE、PATCH方法
2.人为设置了非规定内的其他首部字段,参考上面简单请求的安全字段集合,还要特别注意Content-Type的类型
3\XMLHttpRequestUpload 对象注册了任何事件监听器
4、请求中使用了ReadableStream对象
Requests come with credentials > .cookies
发起请求时设置withCredentials 标志设置为true,从而向服务器发送cookie, 但是如果服务器端的响应中未携带Access-Control-Allow-Credentials: true,浏览器将不会把响应内容返回给请求的发送者。
对于附带身份凭证的请求,服务器不得设置Access-Control-Allow-Origin 的值为*, 必须是某个具体的域名。
注意,简单的GET请求不会触发预检,如果对此类带有身份凭证请求的响应中不包Access-Control-Allow-Credentials: true,这个响应将被忽略掉,并且浏览器也不会将相应内容返回给网页
2.3 What is the OPTIONS request?
The key fields of the preflight request header request header:
Access-Control-Request-Method:告诉服务器实际请求所使用的 HTTP 方法
Access-Control-Request-Headers:告诉服务器实际请求所携带的自定义首部字段
The server judges whether to accept the next actual request based on the information obtained from the preflight request header.
The key fields of the preflight response header response header:
Access-Control-Allow-Methods:返回了服务端允许的请求,包含GET/HEAD/PUT/PATCH/POST/DELETE
Access-Control-Allow-Credentials:允许跨域携带cookie(跨域请求要携带cookie必须设置为true)
Access-Control-Allow-Origin:允许跨域请求的域名,这个可以在服务端配置一些信任的域名白名单
Access-Control-Request-Headers:客户端请求所携带的自定义首部字段content-type
The options request returned the content of the response header, but not the response body content.