即使状态回来，跨域ajax命中错误也是200

Question

我发送跨域ajax请求，响应返回状态200.我也看到请求到达服务器。

我有这个在我的服务器：

context.Response.Headers.Add("Access-Control-Allow-Origin", "*"); 
context.Response.Headers.Add("Access-Control-Allow-Credentials", "true"); 
context.Response.Headers.Add("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS"); 
context.Response.Headers.Add("Access-Control-Allow-Headers", "*"); 

这是在客户端上：

$.ajax({ 
     type: "POST", 
     url: this.SERVER + url, 
     data: data, 
     xhrFields: { 
      withCredentials: true 
     }, 
     success: function (a, b) { 
      debugger; 
      alert("sdsd"); 
     },error : function(a,b) { 
      debugger; 
     }, 
     dataType: 'json' 
    }); 

这是从Chrome浏览器的请求

在Firefox其我得到的错误：

个

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:2000/PageHandler.ashx. This can be fixed by moving the resource to the same domain or enabling CORS

Answer 1

我大胆猜测是，由于要发送的Access-Control-Allow-Credentials头，你不能把*在Access-Control-Allow-Origin。尝试指定您的JavaScript客户端的来源。

我在下面这段来自Mozilla开发者网络文档信息CORS此基础：

The origin parameter specifies a URI that may access the resource. The browser must enforce this. For requests without credentials, the server may specify "*" as a wildcard, thereby allowing any origin to access the resource.