9
这似乎并不工作:跨域AJAX预检失败源检查
$.ajax({
url: "http://localhost:3000/foo.json",
data: { foo: 'bar' },
headers: { 'HTTP_X_CUSTOMHEADER': 'foobar' },
xhrFields: { withCredentials: true }
});
当我的jsfiddle运行它,一个OPTIONS请求(根据Chrome的调试工具)触发关闭,看起来像这样:
Access-Control-Request-Headers: Origin, HTTP_X_CUSTOMHEADER, Accept
Access-Control-Request-Method: GET
Origin: http://fiddle.jshell.net
然后(根据Chrome的调试工具),我的本地服务器返回以下标题:
(手动重新格式化为READA吴春明)
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: HTTP_X_CUSTOMHEADER
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: http://fiddle.jshell.net
Access-Control-Max-Age: 10
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 1
Content-Type: text/html; charset=utf-8
Date: Wed, 14 Sep 2011 22:42:28 GMT
Server: WEBrick/1.3.1 (Ruby/1.8.7/2010-01-10)
X-Runtime: 2
然后在控制台我得到一个错误信息是这样的:
XMLHttpRequest cannot load http://localhost:3000/foo.json?foo=bar.
Origin http://fiddle.jshell.net is not allowed by Access-Control-Allow-Origin.
但Access-Control-Allow-Origin头看起来与当我的服务器到预检要求回应。那么我在这里错过了什么?
传出请求的标题是什么样的?它们应该包含一个[Origin:](https://developer.mozilla.org/en/HTTP_access_control)标题。不过,我相信浏览器[总是追加它](https://developer.mozilla.org/en/HTTP_access_control#Origin)。 – daxelrod
使用选项请求中的标题更新了问题。 –