CORS预检呼叫不遵循GET呼叫

时间:2014-01-27 18:06:18

标签: javascript ajax cors

我的JavaScript代码需要对REST服务进行以下GET Ajax调用:

jQuery.support.cors = true;
$.ajax({
    type: "GET",
    url: "https://serverdomain.com/serviceurl,
    cache: false,
    dataType: "json",
    timeout: 5000,
    crossDomain: true,
    headers: { 'Authorization': 'Bearer ' + access_token },
    success: function (data) {
        renderInfo(data);
    },
    error: function (jqxhr, textStatus, error) {
        ...
    }
});

由于Authorization HTTP标头,会触发以下CORS预检调用。

OPTIONS https://stcuatsoagw51.uatingdircan.ca:8443/sean/v1/customers/my/?_=1390845096145 HTTP/1.1
Accept: */*
Origin: https://localhost:44300
Access-Control-Request-Method: GET
Access-Control-Request-Headers: accept, authorization
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: stcuatsoagw51.uatingdircan.ca:8443
Content-Length: 0
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache

我更改了服务器端以对OPTIONS调用返回以下响应:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/xml;charset=UTF-8
Content-Length: 27
Date: Mon, 27 Jan 2014 17:51:37 GMT

响应主要是允许所有类型的CORS调用。但是,浏览器似乎在收到OPTIONS呼叫响应后停止,并且不会继续发送原始的GET呼叫。

我在OPTIONS调用的响应中遗漏了什么吗?

1 个答案:

答案 0 :(得分:0)

对于Access-Control-Allow-Headers,您无法使用通配符。你必须列出标题。另外,正如Ray所说,如果Access-Control-Allow-Origin设置为true,则不能使用通配符Access-Control-Allow-Credentials