我需要向使用基本身份验证的服务器发出CORS请求。我使用jQuery 1.5.1并拥有此代码:
$.ajax({
type: 'GET',
global: true,
url: theSource,
crossDomain: true,
beforeSend: function(xhr) {
xhr.withCredentials = true;
xhr.setRequestHeader("Authorization", "Basic " + btoa("username:password"));
},
error: function (xhr, status, errorThrown) {
alert(errorThrown + '\n' + status + '\n' + xhr.statusText);
},
success: function (data) {
ABC.ABCconsole.log('Success');
ABC.openAjaxSuccess(data);
}
});
在服务器端设置这些标题:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Accept
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Origin: http://example.com
不幸的是,在服务器的响应中,我有401 Unauthorized错误。
在请求中,我有以下标题:
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Connection:keep-alive
Host:example01.com
Origin:http://example.com
Referer:http://example.com/france/asd/qwes/business-nothing.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
在响应中这些标题:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Accept
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Origin: http://example.com
Content-Length:58
Content-Type:text/html
Date:Wed, 16 Jul 2014 09:42:00 GMT
Server:Microsoft-IIS/7.5
Set-Cookie:loc=phl;path=/;
WWW-Authenticate:Basic realm="example01.com"
你可能有任何想法为什么会发生?
UPD:正如您在请求中看到的那样,我看不到我的Authentication标头已设置。如果我使用--disable-web-security键运行浏览器,一切正常。并Authentication标头设置正确。
UPD2:请求在http POST方法上失败。那可能是问题在这里?
Remote Address:111.111.11.12:80
Request URL:http://example01.com/asst/index.epx?id=569fe9d0-1515-423a-bae8-84265b6396a0&_=1405506291028
Request Method:OPTIONS
Status Code:401 Unauthorized
答案 0 :(得分:0)
改为使用Access-Control-Allow-Origin: *。