There's a strange behavior happening with my api-plateform API.
(我的api-platform API发生了奇怪的行为。)
In local developement , when I send a POST or PUT on a route with a body that violates one of the constraints I have implemented, the API sends back an error 400 with the correct response :
(在本地开发中 ,当我在路线上发送的POST或PUT的主体违反了我已实现的约束之一时,API会以正确的响应发送回错误400:)
{
"@context": "/api/contexts/ConstraintViolationList",
"@type": "ConstraintViolationList",
"hydra:title": "An error occurred",
"hydra:description": "center: Cette valeur ne doit pas être nulle.
acronym: Cette cha?ne est trop longue. Elle doit avoir au maximum 10 caractères.",
"violations": [
{
"propertyPath": "center",
"message": "Cette valeur ne doit pas être nulle."
},
{
"propertyPath": "acronym",
"message": "Cette cha?ne est trop longue. Elle doit avoir au maximum 10 caractères."
}
]
}
When I try the same request in a remote production environnent , the same request gives me an error 400, but with no response attached to it.
(当我在远程生产环境中尝试相同的请求时 ,相同的请求给我一个错误400, 但未附加任何响应。)
What is strange is that when I try the same request within the Swagger UI or Postman, I get the expected correct response.
(奇怪的是,当我在Swagger UI或Postman中尝试相同的请求时,得到了预期的正确响应。)
So it only happens on the frontend app making the request.
(因此,它仅在发出请求的前端应用程序上发生。)
I also have no issue with any other request.
(我也没有其他要求的问题。)
A correct POST will come through, a GET will give me a correct response, etc. The only problem is the 400 error with no response attached.(一个正确的POST将通过,一个GET将给我一个正确的响应,依此类推。唯一的问题是没有附加响应的400错误。)
I suspect the culprit to be linked to the CORS configuration of my API, but it seems fine to me :
(我怀疑罪魁祸首链接到我的API的CORS配置,但对我来说似乎不错:)
nelmio_cors:
defaults:
allow_credentials: false
allow_origin: []
allow_headers: []
allow_methods: []
expose_headers: ['Content-Disposition', 'Content-Length', 'Link']
max_age: 0
hosts: []
origin_regex: false
forced_allow_origin_value: ~
paths:
'^/api':
allow_credentials: true
allow_origin: ['*']
allow_headers: ['*']
allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
max_age: 3600
'^/': ~
Here is an example of my front-end request headers :
(这是我的前端请求标头的示例:)
:authority: *myProductionApiUrl*
:method: POST
:path: /api/trainings
:scheme: https
accept: application/ld+json
accept-encoding: gzip, deflate, br
accept-language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
authorization: *Bearer mytoken*
cache-control: no-cache
content-length: 151
content-type: application/ld+json
origin: http://localhost:3000
pragma: no-cache
referer: http://localhost:3000/app/trainings/create
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
UPDATE : This is definitely a CORS issue, and No 'Access-Control-Allow-Origin' header is present on the requested resource .
(更新:这绝对是CORS问题,并且所请求的资源上没有'Access-Control-Allow-Origin'标头 。)
The question remains : how can I get this CORS header issue on POST and PUT request, but not on GET, OPTIONS, etc.
(问题仍然存在:如何在POST和PUT请求上获取此CORS标头问题,而不是在GET,OPTIONS等上获取此问题?)
Furthermore, I have no problem when doing a POST that results in a successful creation (201).
(此外,在进行可成功创建的POST时我没有问题(201)。)
ask by Dogson translate from so
