報價從Opera documentation(第一個鏈接我已經找到了):即使Access-Control-Allow-Headers丟失,爲什麼CORS請求成功?
標準或自定義標題是 訪問控制允許報頭適當的值。爲了使跨源請求成功,其值必須與 Access-Control-Request-Headers標頭的值相匹配(或包含)。
我使用jQuery發送請求。如果我註釋掉setRequestHeader
:
$(function() {
$.ajax({
url: 'http://silex.local/users',
method: 'GET',
beforeSend : function(req) {
//req.setRequestHeader('Authorization', 'FID ds7sd6:32n8942b3672n2');
}
});
});
它不應該工作,因爲服務器響應有:
HTTP/1.0 200 OK
Date: Sat, 11 Aug 2012 02:15:14 GMT
Server: Apache/2.2.22 (Win32) PHP/5.3.14
X-Powered-By: PHP/5.3.14
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE
Access-Control-Allow-Headers: Authorization
Connection: close
Content-Type: application/json; charset=utf-8
當客戶端請求與:
GET http://silex.local/users HTTP/1.1
Host: silex.local
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: */*
Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://localhost/test.html
Origin: http://localhost
Cache-Control: max-age=0
我錯過了什麼?對不起,如果這是一個奇怪的問題,第一次與CORS對我來說......
'Access-Control-Allow-Origin:*'表示資源可以通過任何域以跨站點方式訪問。 [你可以在MDN上閱讀更多關於這方面的內容。](https://developer.mozilla.org/en-US/docs/HTTP_access_control) – Ohgodwhy 2012-08-11 02:25:18
@Ohgodwhy是的,但我正在討論'Access-Control-Allow-Headers '... – gremo 2012-08-11 02:29:22