2013-07-10 136 views
1

我有以下的咖啡腳本執行某種登錄:使用Ajax XSS問題GET請求

signIn: (url, completion) -> 
    $.ajax 
    method: 'GET' 
    url: url 
    dataType: 'json' 
    error: (jqXHR, status, errorThrown) -> 
     completion false, errorThrown 
    success: (data)-> 
     completion true, data.Identifier 

當我檢查在瀏覽器中給定的URL,我得到一個有效的JSON響應返回。

但是,當使用JavaScript執行此調用時,控制檯中出現以下錯誤。請注意,我已經改變了網址迷惑:

XMLHttpRequest cannot load http://my.servicedomain.com/session/someIdentifier?access_token=secret. 
Origin http://html.server.net is not allowed by Access-Control-Allow-Origin. 

這些都是我的頭,這是我從my.servicedomain.com服務器獲取:

HTTP/1.1 200 OK 
Cache-Control: no-cache 
Pragma: no-cache 
Content-Length: 1417 
Content-Type: application/json; charset=utf-8 
Expires: -1 
Server: Microsoft-IIS/8.0 
Access-Control-Allow-Origin: * 
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS 
Access-Control-Allow-Headers: Authorization 
Server: Microsoft-IIS/8.0 
X-AspNet-Version: 4.0.30319 
X-Powered-By: ASP.NET 
X-Powered-By: ASP.NET 
Access-Control-Allow-Origin: * 
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS 
Access-Control-Allow-Headers: Authorization 
Date: Wed, 10 Jul 2013 14:24:35 GMT 
Vary: Accept-Encoding 
Content-Encoding: gzip 
Connection: Keep-Alive 

爲什麼會出現這種錯誤,即使我有Access-Control-Allow-Origin: *在響應頭?

回答