FireFox拒绝对OPTIONS的回应

时间:2013-11-07 11:16:55

标签: javascript ajax firefox cross-domain http-options-method

我有一个HTTP服务页面。客户端代码将AJAX请求的授权发送到同一个域,但是在HTTPS上。 (所以它是CORS)。

FireFox会生成此请求: //域和Cookie已更改

OPTIONS /auth/registration/json/info/ HTTP/1.1
Host: my-site.dev
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru-ru,pl;q=0.8,ru;q=0.6,en-us;q=0.4,en;q=0.2
Accept-Encoding: gzip, deflate
Origin: http://my-site.dev
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
Connection: keep-alive

我的服务器响应:

HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 07 Nov 2013 09:55:55 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://my-site.dev
Vary: Cookie
Access-Control-Allow-Origin: http://my-site.dev
Access-Control-Allow-Methods: OPTIONS, GET
Set-Cookie: csrftoken=foobar; expires=Thu, 06-Nov-2014 09:55:55 GMT; Max-Age=31449600; Path=/

0

FireBug显示OPTIONS请求成功,但不会在它之后触发GET请求:

enter image description here

我的回答有什么问题?

1 个答案:

答案 0 :(得分:0)

Qantas 94 Heavy ,你是对的。应该只有一个Access-Control-Allow-Origin标头只有一个域:域,在Origin请求标头中指定。

这是firefox接受的正确答案:

HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 07 Nov 2013 09:55:55 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Cookie
Access-Control-Allow-Origin: http://my-site.dev      // The same as `Origin`
Access-Control-Allow-Methods: OPTIONS, GET
Set-Cookie: csrftoken=foobar; expires=Thu, 06-Nov-2014 09:55:55 GMT; Max-Age=31449600; Path=/

0