CORS请求不将https的cookie发送到https,但是为http发送

时间:2012-04-09 01:48:55

标签: xmlhttprequest cors

我有一个CORS AJAX请求我正在尝试从https到https。从http到http时它工作正常,但由于它不发送cookie而无法通过SSL。

这里有安全限制吗?我在请求发出之前查看了withCredentials的状态,并将其设置为true。有什么想法阻止cookie被发送或如何调试?

这是最初的飞行前(OPTIONS)请求:

Request URL:https://mydomain.com/resource
Request Method:OPTIONS
Status Code:200 OK

Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:X-CSRFToken
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Cookie: [COOKIES]
Host:mydomain.com
Origin:https://www.google.com
Pragma:no-cache
Referer:https://www.google.com/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.151 Safari/535.19

Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:X-CSRFToken
Access-Control-Allow-Methods:POST, GET, OPTIONS
Access-Control-Allow-Origin:https://www.google.com
Access-Control-Max-Age:86400
Connection:keep-alive
Content-Encoding:gzip
Content-Length:20
Content-Type:text/html; charset=utf-8
Date:Mon, 09 Apr 2012 00:32:51 GMT
Server:nginx/0.8.54
Vary:Accept-Encoding

POST请求:

请求网址:https://mydomain.com/resource     请求方法:POST     状态代码:200 OK

Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:mydomain.com
Origin:https://www.google.com
Pragma:no-cache
Referer:https://www.google.com/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.151 Safari/535.19

0 个答案:

没有答案