我有一个CORS AJAX请求我正在尝试从https到https。从http到http时它工作正常,但由于它不发送cookie而无法通过SSL。
这里有安全限制吗?我在请求发出之前查看了withCredentials
的状态,并将其设置为true
。有什么想法阻止cookie被发送或如何调试?
这是最初的飞行前(OPTIONS)请求:
Request URL:https://mydomain.com/resource
Request Method:OPTIONS
Status Code:200 OK
Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:X-CSRFToken
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Cookie: [COOKIES]
Host:mydomain.com
Origin:https://www.google.com
Pragma:no-cache
Referer:https://www.google.com/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.151 Safari/535.19
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:X-CSRFToken
Access-Control-Allow-Methods:POST, GET, OPTIONS
Access-Control-Allow-Origin:https://www.google.com
Access-Control-Max-Age:86400
Connection:keep-alive
Content-Encoding:gzip
Content-Length:20
Content-Type:text/html; charset=utf-8
Date:Mon, 09 Apr 2012 00:32:51 GMT
Server:nginx/0.8.54
Vary:Accept-Encoding
POST请求:
请求网址:https://mydomain.com/resource 请求方法:POST 状态代码:200 OK
Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:mydomain.com
Origin:https://www.google.com
Pragma:no-cache
Referer:https://www.google.com/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.151 Safari/535.19