【发布时间】:2014-01-28 04:40:23
【问题描述】:
AJAX 请求工作正常,但是当我通过 beforeSend 或 headers 添加标头时,会发出 OPTIONS 飞行前请求并中止 GET 请求。
Code: $.ajax({
type: "GET",
crossDomain: true,
beforeSend: function (xhr)
{
xhr.setRequestHeader("session", $auth);
},
url: $url,
success: function (data) {
$('#something').html(data);
},
error: function (request, error) {
$('#something').html("<p>Error getting values</p>");
}
});
类似 AJAX 请求不指定标头(当我添加/修改标头时,会进行 OPTIONS 调用)
Request GET /api/something?filter=1 HTTP/1.1
Referer http://app.xyz.dj/dashboard
Accept application/json, text/javascript, */*; q=0.01
Accept-Language en-US
Origin http://app.xyz.dj
Accept-Encoding gzip, deflate
User-Agent Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; MASMJS; rv:11.0) like Gecko
Host 162.243.13.172:8080
DNT 1
Connection Keep-Alive
Cache-Control no-cache
类似的服务器响应标头(用于 GET 请求)
Response HTTP/1.1 200 OK
Server Apache-Coyote/1.1
Access-Control-Allow-Origin *
Access-Control-Allow-Methods GET, POST, DELETE, PUT, OPTIONS, HEAD
Access-Control-Allow-Headers Content-Type, Accept, X-Requested-With
Access-Control-Allow-Credentials true
Content-Type application/json
Transfer-Encoding chunked
Date Thu, 09 Jan 2014 14:43:07 GMT
我做错了什么?
【问题讨论】:
-
这是 OPTIONS 请求的响应头 Response HTTP/1.1 204 No Content Server Apache-Coyote/1.1 Allow OPTIONS,GET,HEAD Access-Control-Allow-Origin * Access-Control-Allow-凭据 true Access-Control-Allow-Methods GET、POST、DELETE、PUT、OPTIONS、HEAD Access-Control-Allow-Headers Content-Type、Accept、X-Requested-With Date Thu, 09 Jan 2014 14:53:31 GMT
-
/api/ HTTP OPTIONS (Aborted) 327 B 297 ms CORS Preflight
-
您需要使用
Access-Control-Allow-Headers响应头来指定允许自定义头。 -
添加 Access-Control-Allow-Headers:* 到服务器响应。甚至允许来源是 *。问题仍然存在。
-
我认为
*不是Access-Control-Allow-Headers的有效值。我相信你必须列出它们。不过,您应该能够从Access-Control-Request-Headers请求标头中获取它们。见developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS。
标签: jquery ajax http-headers