解决Request header field strict-transport-security is not allowed by Access-Control-Allow-Headers in preflight response.

一、问题：

Access to XMLHttpRequest at 'http://127.0.0.1:8000/api/v1/hazards/headers/' from origin 'http://localhost:9000' has been blocked by CORS policy: Request header field strict-transport-security is not allowed by Access-Control-Allow-Headers in preflight response.
二、意思是：

从源“http://localhost:9000”到“http://127.0.0.1:8000/api/v1/hazards/headers/”的 XMLHttpRequest 访问已被跨源资源共享（CORS）策略阻止：预检响应中的“Access-Control-Allow-Headers”不允许请求标头字段“strict-transport-security”。

三、解决办法：

# 允许执行的请求头

CORS_ALLOW_HEADERS = ['Strict-Transport-Security',]

posted on 2025-06-24 13:59 GoGrid 阅读(7) 评论(0) 收藏举报

刷新页面返回顶部

eagleye

解决Request header field strict-transport-security is not allowed by Access-Control-Allow-Headers in preflight response.

导航

公告