0
我試圖跨兩個Web應用程序啓用跨源資源共享,並且仍然收到「訪問控制允許來源不允許的原點X」。訪問控制允許源頭不起作用
的要求是這樣的:
Request URL:http://mywebsite:8700/?myparam=blah
Request Headersview source
Accept:application/json, text/javascript, */*; q=0.01
Origin:http://localhost:1715
Referer:http://localhost:1715/stuff
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.79 Safari/537.1
Query String Parametersview URL encoded
myparam:blah
這給錯誤:
XMLHttpRequest cannot load http://mywebsite:8700/?myparam=blah. Origin http://localhost:1715 is not allowed by Access-Control-Allow-Origin.
如果我在瀏覽器訪問URL直接我得到的是返回以下響應頭和正確的JSON
Request URL:http://mywebsite:8700/?myparam=blah
Request Method:GET
Status Code:200 OK
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Authorization:Negotiate blahblahblahblahblahblahblahblahblah
Cache-Control:max-age=0
Connection:keep-alive
Cookie:blahblahblah
Host:mywebsite:8700
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.79 Safari/537.1
Query String Parametersview URL encoded
myparam:blah
Response Headersview source
Access-Control-Allow-Headers:*
Access-Control-Allow-Methods:*
Access-Control-Allow-Origin:*
Cache-Control:private
Content-Length:11563
Content-Type:application/json; charset=utf-8
Date:Wed, 29 Jan 2014 06:51:49 GMT
WWW-Authenticate:Negotiate blahblahblah==
使用JSONP是最後的解決方案,因爲它會影響其他應用程序已經調用此方法。