我遇到了一個CORS請求的問題,我認爲這個請求應該被拒絕,但Chrome,Firefox和IE正在接受這個請求。的要求,從Wireshark的是:Chrome無法阻止無效的CORS請求
GET /postcode/rest/postcodeSearch?&provider=&postcode=PL6+7TL HTTP/1.1
Host: devtestl1:5706
Connection: keep-alive
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://localhost:5506
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36
DNT: 1
Referer: http://localhost:5506/icm/admin/articles/dopreview.cfm?InEditorPreview=false&NodeID=1&Browser=NS6&HTMLEditor=TRUE&FlashTreePluginLocated=12&SubsiteName=&WYSIWYGEditControl=TEMPLATE&bMobileSimulator=False
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en,en-GB;q=0.8
的響應是:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://localhost:5506
Access-Control-Allow-Method: POST
Access-Control-Max-Age: 60
Access-Control-Allow-Headers: Content-Type,Authorization,X-Api-Session,X-Api-Key,X-Api-Token
Access-Control-Expose-Headers: Content-Type,X-Api-Session,X-Api-Token
Content-Type: application/json; charset=utf-8
Content-Length: 669
Date: Tue, 18 Feb 2014 11:14:57 GMT
Connection: keep-alive
{"result":[{"udprn":"18994206","company":"Delta Engineering Plymouth LLP","department":"","line1":"Darklake View","line2":"Estover","line3":"","line4":"","line5":"","town":"Plymouth","county":"Devon","postcode":"PL6 7TL"},{"udprn":"18994215","company":"Goss Interactive Ltd","department":"","line1":"24 Darklake View","line2":"Estover","line3":"","line4":"","line5":"","town":"Plymouth","county":"Devon","postcode":"PL6 7TL"},{"udprn":"18994208","company":"Jennycrafts","department":"","line1":"Cranmere House","line2":"21 Darklake View","line3":"Estover","line4":"","line5":"","town":"Plymouth","county":"Devon","postcode":"PL6 7TL"}],"_transport_":{"statusCode":200}}
返回郵編數據顯示在即使GET請求迴應「訪問 - 控制 - 瀏覽器Allow-Method:POST「標題。根據我的理解,瀏覽器應該放棄整個響應。
爲什麼這個回覆是允許的?
感謝, 安迪
請求是如何啓動的? –