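CORS header Access-Control-Allow-Origin wildcard fails after succeeding

Time: 2013-02-26 02:06:58

Tags: jquery wildcard cors

I have two endpoints, one www and one api. The API drives backbone.js collections, and so far that has gone smoothly. A new RPC call is failing the Access-Control-Allow-Origin CORS check, but I don't know how to debug it. Several preflight OPTIONS calls from the site successfully return result sets, but this new one fails completely. The failing new RPC is triggered manually by clicking a button. It does not live in an iframe or in any container with an odd security scope. All of this happens on the same web page.

I have 3 calls to some collections, with requests/responses as follows:

Request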

Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept, authorization, origin
Access-Control-Request-Method:GET

Response

Access-Control-Allow-Headers:X-Requested-With,Authorization,Accept,Origin,Content-Type
Access-Control-Allow-Methods:GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin:*
Connection:keep-alive
Content-Length:2
Content-Type:text/plain
Date:Tue, 26 Feb 2013 01:53:33 GMT
Server:nginx/1.1.19
X-Frame-Options:DENY
X-Powered-By:Express

^^ Win! All the collections are populating. I can get/post/delete/delete models in these collections with impunity.

The failing call:

OPTIONS (preflight)

Request

Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept, origin, authorization, content-type
Access-Control-Request-Method:GET
Cache-Control:no-cache
Connection:keep-alive
Host:api.bip.io
Origin:https://bip.io
Pragma:no-cache
Referer:https://bip.io/dash/account
User-Agent:Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko Chrome/24.0.1312.52 Safari/537.17

Response

Access-Control-Allow-Headers:X-Requested-With,Authorization,Accept,Origin,Content-Type
Access-Control-Allow-Methods:GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin:*
Connection:keep-alive
Content-Length:2
Content-Type:text/plain
Date:Tue, 26 Feb 2013 01:55:26 GMT
Server:nginx/1.1.19
X-Frame-Options:DENY
X-Powered-By:Express

GET request

GET /rpc/domain/confirm/55e648b5-1098-41e8-9d76-bd020ebe6d37

Request URL:https://api.bip.io/rpc/domain/confirm/55e648b5-1098-41e8-9d76-bd020ebe6d37
Accept:application/json, text/javascript, */*; q=0.01
Authorization:Basic {XX-OBFUSCATED}
Cache-Control:no-cache
Content-Type:application/json
Origin:https://bip.io
Pragma:no-cache
Referer:https://bip.io/dash/account
User-Agent:Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17

The Chrome error for the last request is:

XMLHttpRequest cannot load https://api.bip.io/rpc/domain/confirm/55e648b5-1098-41e8-9d76-bd020ebe6d37. 
Origin https://bip.io is not allowed by Access-Control-Allow-Origin.

All of these calls go through this jQuery v1.8.2 method:

    // request handler
    _request : function(payload, methodAPI, methodHTTP, onSuccess, onFail) {
        var self = this;
        var payload = null == payload ? payload : JSON.stringify(payload);

        var reqStruct = {
            type: methodHTTP,
            contentType: 'application/json',
            dataType: 'json',
            url: methodAPI,
            success: function(resData, status, xhr) {
                if (undefined != onSuccess) {
                    onSuccess(resData, payload);
                }
            },
            error: function(xhr, status, errText) {
                if (undefined !== onFail) {
                    onFail(xhr.status, status, errText, payload);
                }
            }
        };

        if (null !== payload) {
            reqStruct.data = payload;
        }

        $.ajax(reqStruct);
    }

How do I debug this? Thanks!
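
An added example, not part of the original post: the browser applies the Access-Control-Allow-Origin check to the preflight response and then again to the actual response, so this sketch runs the two checks separately. The preflight headers are the ones shown above; the GET response is constructed (the post does not show it), and the function names are hypothetical.

```javascript
// Added example: CORS checks for a preflight response and for the actual
// response, evaluated separately. Header names are lower-cased keys.
function parseList(value) {
  return (value || '').split(',').map(s => s.trim().toLowerCase()).filter(Boolean);
}

// The origin check applies to BOTH the preflight and the actual response.
// With credentials mode (xhr.withCredentials) a wildcard is rejected.
function checkOrigin(resHeaders, origin, withCredentials) {
  const acao = resHeaders['access-control-allow-origin'];
  if (acao === undefined) return 'missing Access-Control-Allow-Origin';
  if (acao === '*') {
    return withCredentials ? 'wildcard origin not allowed with credentials' : null;
  }
  return acao === origin ? null : 'origin mismatch: ' + acao;
}

// Preflight only: requested method and headers must also be allowed.
function checkPreflight(req, res, withCredentials) {
  const originErr = checkOrigin(res, req['origin'], withCredentials);
  if (originErr) return originErr;
  const method = (req['access-control-request-method'] || '').toLowerCase();
  if (!parseList(res['access-control-allow-methods']).includes(method)) {
    return 'method not allowed: ' + method;
  }
  const allowed = parseList(res['access-control-allow-headers']);
  const missing = parseList(req['access-control-request-headers'])
    .filter(h => !allowed.includes(h));
  return missing.length ? 'headers not allowed: ' + missing.join(', ') : null;
}

// Preflight exchange copied from the failing call in the post.
const preflightReq = {
  'origin': 'https://bip.io',
  'access-control-request-method': 'GET',
  'access-control-request-headers': 'accept, origin, authorization, content-type',
};
const preflightRes = {
  'access-control-allow-origin': '*',
  'access-control-allow-methods': 'GET,POST,PUT,DELETE,OPTIONS',
  'access-control-allow-headers': 'X-Requested-With,Authorization,Accept,Origin,Content-Type',
};
// CONSTRUCTED: the post omits the GET response; this one assumes no CORS headers.
const constructedGetRes = { 'content-type': 'application/json' };

console.log('preflight :', checkPreflight(preflightReq, preflightRes, false) || 'pass');
console.log('actual GET:', checkOrigin(constructedGetRes, 'https://bip.io', false) || 'pass');
```

To apply it to a live exchange, copy the GET response headers from the browser's network panel into the second call in place of the constructed object.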

0 answers:

No answers