{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 小情绪 Triste * 的问题《fetch() does not send headers?》','https://www.manongdao.com/q-282233.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am sending POST request like this from browser:
fetch(serverEndpoint, {
method: 'POST',
mode: 'no-cors', // this is to prevent browser from sending 'OPTIONS' method request first
redirect: 'follow',
headers: new Headers({
'Content-Type': 'text/plain',
'X-My-Custom-Header': 'value-v',
'Authorization': 'Bearer ' + token,
}),
body: companyName
})
By the time the request reaches my back-end it does not contain X-My-Custom-Header nor Authorization header.
My back-end is Google Cloud function for Firebase (basically just Node.js endpoint) that looks like this:
exports.createCompany = functions.https.onRequest((req, res) => {
let headers = ['Headers: ']
for (let header in req.headers) {
headers.push(`${header} : ${req.headers[header]}`)
}
console.log(headers)
...
}
The console log of that Google Cloud for Firebase function does not contain any X-My-Custom-Header nor Authorization header.
What is wrong?
Edit 1
So using dev tools in Chrome a checked that neither X-My-Custom-Header nor Authorization header is send from the browser... The questions now are: Why? How do I fix it?
Edit 2
More information about my app: It's React app. I have disabled service worker. I have tried to create Request and specifically add headers using req.headers.append(). The headers still wouldn't send.
Firstly : Use an object instead of
new Headers(..):Secondly : Good to know, headers are lowercased by
fetch!!Thridly :
no-corsmode limite the use of headers to this white list :AcceptAccept-LanguageContent-LanguageContent-Typeand whose value is (application/x-www-form-urlencoded,multipart/form-data,text/plain)That's why only your
Content-Typeheader is sent and notX-My-Custom-HeaderorAuthorization.Can you try this?
Ref. https://developers.google.com/web/updates/2015/03/introduction-to-fetch#sending_credentials_with_a_fetch_request
1st: when you call headers in your exports.createCompany function, you have
let headers = ['Headers: ']with a capitalHinstead of lowercasehwhich might cause errors. you also have a comma after token in the headers which shouldn't be there.2nd: everytime i have used fetch requests in react native, the
header:doesn't need thenew Headerson it.try this:
fetch(serverEndpoint, { method: 'POST', mode: 'no-cors', redirect: 'follow', headers:{ 'Content-Type': 'text/plain', 'X-My-Custom-Header': 'value-v', 'Authorization': 'Bearer ' + token }, body: companyName })The same-origin policy restricts the kinds of requests that a Web page can send to resources from another origin.
In the
no-corsmode, the browser is limited to sending “simple” requests — those with safelisted methods and safelisted headers only.To send a cross-origin request with headers like
AuthorizationandX-My-Custom-Header, you have to drop theno-corsmode and support preflight requests (OPTIONS).The distinction between “simple” and “non-simple” requests is for historical reasons. Web pages could always perform some cross-origin requests through various means (such as creating and submitting a form), so when Web browsers introduced a principled means of sending cross-origin requests (cross-origin resource sharing, or CORS), it was decided that such “simple” requests could be exempt from the preflight
OPTIONScheck.I also had this same issue. I resolved it by removing 'no-cors' from javascript and adding the following in server side spring boot.