按照http://www.html5rocks.com/en/tutorials/cors/的示例,我编写了测试代码。它成功发送了预检请求,但在实际请求中失败了。
这是我的javascripts(基于html5rocks上的示例):
<script type="text/javascript">
// Create the XHR object.
function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
// XHR for Chrome/Firefox/Opera/Safari.
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined") {
// XDomainRequest for IE.
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
// CORS not supported.
xhr = null;
}
return xhr;
}
// Make the actual CORS request.
function makeCorsRequest() {
// All HTML5 Rocks properties support CORS.
var url = 'http://mylocal.com:9000/gallery/v1/comments';
var xhr = createCORSRequest('POST', url);
if (!xhr) {
alert('CORS not supported');
return;
}
xhr.setRequestHeader("logged-in-user","sample_user_junbo")
xhr.setRequestHeader("x-adsk-product","adsk_gallery_sample")
xhr.setRequestHeader("Content-Type","application/json")
// Response handlers.
xhr.onload = function() {
var text = xhr.responseText;
$("#gds_result").html(text)
// alert('Response from CORS request to ' + url + ': ' + title);
};
xhr.onerror = function() {
alert('Woops, there was an error making the request.');
};
xhr.send("commentable_id=40&commentable_type=project&text=test");
}
</script>
我在jetty(mylocal.com:8080)托管我的静态html页面,并请求在mylocal.com:9000上托管的另一项服务,其中也添加了所需的CORS标头。从Chrome网络看,发送了两个请求:一个OPTIONS请求和一个PUT请求。
OPTIONS请求以200:
成功Remote Address:::1:9000
Request URL:http://mylocal.com:9000/gallery/v1/comments
Request Method:OPTIONS
Status Code:200 OK
Request Headersview parsed
OPTIONS /gallery/v1/comments HTTP/1.1
Host: mylocal.com:9000
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://mylocal.com:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Access-Control-Request-Headers: x-adsk-product, logged-in-user, content-type
Accept: */*
Referer: http://mylocal.com:8080/test/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6,zh-TW;q=0.4
Response Headersview parsed
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: x-adsk-product, logged-in-user, content-type
Access-Control-Allow-Methods: POST, GET, DELETE, PUT
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 326800
Content-Length: 0
如您所见,CORS标头由服务器响应。但是因为&#34而取消了PUT请求; XMLHttpRequest无法加载http://mylocal.com:9000/gallery/v1/comments。 No&#39; Access-Control-Allow-Origin&#39;标头出现在请求的资源上。起源&#39; http://mylocal.com:8080&#39;因此不允许访问。&#34;:
Request URL:http://mylocal.com:9000/gallery/v1/comments
Request Headers CAUTION: Provisional headers are shown.
Content-Type:application/json
logged-in-user:sample_user_junbo
Origin:http://mylocal.com:8080
Referer:http://mylocal.com:8080/test/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
x-adsk-product:adsk_gallery_sample
Request Payload
commentable_id=40&commentable_type=project&text=test
我错过了什么吗?为什么我收到错误,因为CORS头已经存在? 抱歉,域名&#39; mylocal.com&#39;以上意味着本地主机&#39;因为有些stackoverflow策略。