我有一段代码在浏览器中运行
<html>
<script type="module">
console.log("working");
var url = "https://slack.com/api/chat.postMessage";
var auth_token = "xoxb-2B"; //Your Bot's auth token
var body = {channel: "ses", text: "testing app"}
async function postData(url = '', data = {}) {
// Default options are marked with *
const response = await fetch(url, {
method: 'POST', // *GET, POST, PUT, DELETE, etc.
headers: {
"Authorization": "Bearer " + auth_token,
"Content-Type" : "application/json"
},
body: JSON.stringify(data) // body data type must match "Content-Type" header
});
return response.json(); // parses JSON response into native JavaScript objects
}
postData('https://slack.com/api/chat.postMessage', body)
.then(data => {
console.log(data); // JSON data parsed by `data.json()` call
});
</script>
</html>
我正在获取访问权限,但是CORS策略阻止了从' http://127.0.0.1:5500 '到'https://slack.com/api/chat.postMessage'的访问请求。预检请求响应中不允许使用请求头字段“authorization”。
我不明白,我需要以某种方式指定令牌,即使在文档中也说要将它放在Authorization标头中,为什么它们不允许?