我的JavaScript代码需要对REST服务进行以下GET Ajax调用:
jQuery.support.cors = true;
$.ajax({
type: "GET",
url: "https://serverdomain.com/serviceurl,
cache: false,
dataType: "json",
timeout: 5000,
crossDomain: true,
headers: { 'Authorization': 'Bearer ' + access_token },
success: function (data) {
renderInfo(data);
},
error: function (jqxhr, textStatus, error) {
...
}
});
由于Authorization HTTP标头,会触发以下CORS预检调用。
OPTIONS https://stcuatsoagw51.uatingdircan.ca:8443/sean/v1/customers/my/?_=1390845096145 HTTP/1.1
Accept: */*
Origin: https://localhost:44300
Access-Control-Request-Method: GET
Access-Control-Request-Headers: accept, authorization
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: stcuatsoagw51.uatingdircan.ca:8443
Content-Length: 0
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache
我更改了服务器端以对OPTIONS调用返回以下响应:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/xml;charset=UTF-8
Content-Length: 27
Date: Mon, 27 Jan 2014 17:51:37 GMT
响应主要是允许所有类型的CORS调用。但是,浏览器似乎在收到OPTIONS呼叫响应后停止,并且不会继续发送原始的GET呼叫。
我在OPTIONS调用的响应中遗漏了什么吗?
答案 0 :(得分:0)
对于Access-Control-Allow-Headers
,您无法使用通配符。你必须列出标题。另外,正如Ray所说,如果Access-Control-Allow-Origin
设置为true,则不能使用通配符Access-Control-Allow-Credentials
。