即使狀態回來，跨域ajax命中錯誤也是200

Question

我發送跨域ajax請求，響應返回狀態200.我也看到請求到達服務器。

我有這個在我的服務器：

context.Response.Headers.Add("Access-Control-Allow-Origin", "*"); 
context.Response.Headers.Add("Access-Control-Allow-Credentials", "true"); 
context.Response.Headers.Add("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS"); 
context.Response.Headers.Add("Access-Control-Allow-Headers", "*"); 

這是在客戶端上：

$.ajax({ 
     type: "POST", 
     url: this.SERVER + url, 
     data: data, 
     xhrFields: { 
      withCredentials: true 
     }, 
     success: function (a, b) { 
      debugger; 
      alert("sdsd"); 
     },error : function(a,b) { 
      debugger; 
     }, 
     dataType: 'json' 
    }); 

這是從Chrome瀏覽器的請求

在Firefox其我得到的錯誤：

個

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:2000/PageHandler.ashx. This can be fixed by moving the resource to the same domain or enabling CORS

Answer 1

我大膽猜測是，由於要發送的Access-Control-Allow-Credentials頭，你不能把*在Access-Control-Allow-Origin。嘗試指定您的JavaScript客戶端的來源。

我在下面這段來自Mozilla開發者網絡文檔信息CORS此基礎：

The origin parameter specifies a URI that may access the resource. The browser must enforce this. For requests without credentials, the server may specify "*" as a wildcard, thereby allowing any origin to access the resource.