2
我有一個非常奇怪的問題。我有一個簡單的Perl CGI腳本作爲包裝到一個API(允許受限的交叉原點控制)構建Webservice。 不管怎樣,允許跨域請求我把這些標題:Access-Control-Allow-Origin標題存在,但瀏覽器拒絕XMLHttpRequest
Content-Type: text/plain
Access-Control-Allow-Origin: $origin
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Accept-Language, Content-Language
Content-Security-Policy: connect-src *
X-Content-Security-Policy: connect-src *
X-WebKit-CSP: connect-src *
Access-Control-Max-Age: 1728000
Vary: Accept-Encoding, Origin
其中my $origin = $ENV{HTTP_ORIGIN} // '*';。
當腳本請求預期的ressource,從包裝的反應是跟着(從Firefox複製):
HTTP/1.1 200 OK
Date: Wed, 20 Jan 2016 12:54:48 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Accept-Language, Content-Language
content-security-policy: connect-src *, frame-ancestors 'self'
X-Content-Security-Policy: connect-src *
X-WebKit-CSP: connect-src *
Access-Control-Max-Age: 1728000
Vary: Accept-Encoding,Origin
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain
瀏覽器給了我以下錯誤:
XMLHttpRequest cannot load http://www.example.com/cgi-bin/wrapper.pl. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://example2.com' is therefore not allowed access.`
我也用curl和Postman測試了這個呼叫,但是這個按照預期工作。 問題是所有瀏覽器似乎都忽略了Access-Control-Allow-Origin標題,即使他已設置。