所以我在我的服务器上设置了CORS,跟随enable-cors.org网站。我最终得到了这个配置(在apache 2.4上):
#Allowing CORS capabilities
<IfModule mod_headers.c>
SetEnvIf Origin "http(s)?://(www|othersubdomain\.)?(mywebsite.com)$" AccessControlAllowOrigin=$0$1
Header always add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header always set Access-Control-Allow-Credentials true
Header always set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE"
</IfModule>
# ...
<IfModule mod_rewrite.c>
RewriteEngine On
# needed for CORS
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</IfModule>
它现在有效,但我想知道为什么我需要放置always关键字?
否则,这些标头永远不会发送到客户端(来自另一个域名),在ajax请求上(这就是这个系统的全部目的)。