对于youtube v3 CORS，不考虑返回的“Access-Control-Allow-Origin”

Question

我有一个客户端和一个服务器。我的工作流程如下：

1. 服务器使用API​​ v3将代码段上传到youtube，并获取可恢复的网址（Youtube v3 API，用于可恢复的上传内容 - https://developers.google.com/youtube/v3/guides/using_resumable_upload_protocol）
2. 此网址从我的服务器发送到浏览器，浏览器在该浏览器中发出ajax PUT请求，将实际文件上传到可恢复的网址。
3. 这样，文件不会传输到服务器，而是直接从客户端上传。

因此我收到错误，无法上传文件。

XMLHttpRequest cannot load https://www.googleapis.com/upload/youtube/v3/videos?key=mydevkeyanduploadid. 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'http://localhost:3000' is therefore not allowed access. 

这是ajax请求：

var ajax = $.ajax({
    url: options.url,
    method: 'PUT',
    crossDomain:true,
    contentType: options.file.type,
    headers: {
        'Authorization': 'Bearer ' + options.accessToken,
        'Content-Range': 'bytes ' + options.start + '-' + (options.file.size - 1) + '/' + options.file.size
    },
    processData: false,
    data: options.file
});

浏览器发送一个OPTIONS请求，如下所示：

Remote Address:173.194.65.95:443
Request URL:https://www.googleapis.com/upload/youtube/v3/videos?key=mydevkey&part=snippet%2Cstatus&uploadType=resumable&upload_id=myuploadid
Request Method:OPTIONS
Status Code:200 OK
Request Headersview source
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,es;q=0.6,pt;q=0.4,bg;q=0.2
Access-Control-Request-Headers:content-range, accept, authorization, content-type
Access-Control-Request-Method:PUT
Connection:keep-alive
Host:www.googleapis.com
Origin:http://localhost:3000
Referer:http://localhost:3000/episodes/0-do-you-know-your-enemy/preview
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Query String Parametersview sourceview URL encoded
key:mydevkey
part:snippet,status
uploadType:resumable
upload_id: myuploadit-this one is long
Response Headersview source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:content-range, accept, authorization, content-type
Access-Control-Allow-Methods:PUT
Access-Control-Allow-Origin:http://localhost:3000
Alternate-Protocol:443:quic,p=0.02
Content-Length:0
Content-Type:text/html; charset=UTF-8
Date:Sun, 11 Jan 2015 13:56:11 GMT
Server:UploadServer ("Built on Dec 19 2014 10:24:45 (1419013485)")

从这个回复中我看到了

Access-Control-Allow-Headers:content-range, accept, authorization, content-type
Access-Control-Allow-Methods:PUT
Access-Control-Allow-Origin:http://localhost:3000

我知道如果此请求来自

，我可以向网址发送PUT请求

http://localhost:3000

在OPTIONS请求之后发出PUT请求：

Request URL:https://www.googleapis.com/upload/youtube/v3/videos?key=mydevkey&part=snippet%2Cstatus&uploadType=resumable&upload_id=myuploadid
Request Headers CAUTION: Provisional headers are shown.
Accept:*/*
Authorization:Bearer thishereistheaccesstoken
Content-Range:bytes 0-21234/21235
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Origin:http://localhost:3000
Referer:http://localhost:3000/episodes/0-do-you-know-your-enemy/preview
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Query String Parametersview sourceview URL encoded
key:mydevkey
part:snippet,status
uploadType:resumable
upload_id:myuploadid

我们可以看到

Origin:http://localhost:30000

提出

，因为这是发出PUT请求的原点。

但结果我确实

XMLHttpRequest cannot load https://www.googleapis.com/upload/youtube/v3/videos?key=mydevkeyanduploadid. 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'http://localhost:3000' is therefore not allowed access. 

为什么我会得到一个＆＃34; No＆＃39; Access-Control-Allow-Origin＆＃39;标头出现在请求的资源上。＆＃34;鉴于“访问控制 - 允许 - 来源”＃39;实际上是从OPTIONS请求返回到服务器吗？