Question

在谷歌和Stackoverflow上花了好几个小时而没有进步的感觉，我正在请求帮助让交叉请求ajax工作。

我在客户端使用JQuery，并使用自定义配置进行基本身份验证：

//configuration AJAX  
$(document).ajaxSend(function(e, xhr, options) {   
    xhr.withCredentials = true;  
    xhr.setRequestHeader("Authorization", "Basic dGVzdEB0ZXN0LmZyOmF6ZXJ0eQ==");  
});

//a request
$.get("http://domainA.com/api");

在我的服务器上，Apache配置为使用特殊的cors标头进行响应：

Header always set Access-Control-Allow-Origin "http://domainB.com"
Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Header always set Access-Control-Request-Headers "Authorization, X-Requested-With, Content-Type, Accept, Origin"
Header always set Access-Control-Max-Age "86400"
Header always set Access-Control-Allow-Credentials "true"

因此，当发送请求时，AJAX发出了一个预检请求：

OPTIONS /api HTTP/1.1
Host: domainA.com
User-Agent: useragent
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Origin: domainB.com
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Connection: keep-alive

我的服务器回复：

HTTP/1.1 200 OK
Date: Fri, 09 Aug 2013 15:58:38 GMT
Server: Apache
Access-Control-Allow-Origin: http://domainB.com
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Request-Headers: authorization, X-Requested-With, Content-Type, Accept, Origin
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Content-Length: 489
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

AJAX请求在不执行实际请求的情况下停止。返回的代码为0.我无法找到配置中的问题，因为任何Access-Control-Request都有其响应。谢谢你的帮助

Answer 1

也许你应该试试这个？它在我的Apache服务器上运行良好：

Header always set Access-Control-Allow-Headers "Authorization, X-Requested-With, Content-Type, Accept, Origin"

使用Access-Control-Allow-Headers代替Access-Control-Request-Headers。

使用AJAX，JQuery，Apache＆amp; amp;基本认证

1 个答案: