我的CORS请求和响应如下所示:
请求(POST前的飞行前请求)
OPTIONS /authenticate/facebook HTTP/1.1
Host: waycanon-test.herokuapp.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: POST
Origin: http://127.0.0.1:8999
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Access-Control-Request-Headers: accept, x-auth-token, content-type
Accept: */*
Referer: http://127.0.0.1:8999/home.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4,zh-TW;q=0.2
Response Headersview source
回应
HTTP/1.1 204 No Content
Server: Cowboy
Date: Fri, 27 Feb 2015 09:34:30 GMT
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Referer, User-Agent, X-Auth-Token
Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1728000
Allow: *
Content-Length: 0
Via: 1.1 vegur
我在浏览器(Chrome / Safari)中收到了以下错误信息
XMLHttpRequest无法加载 http://my-app.herokuapp.com/authenticate/facebook。通配符' *' 不能用于“访问控制 - 允许 - 来源”#39;标题时 凭证标志是真的。起源' http://127.0.0.1:8999'因此 不允许访问。
我看到了another post similar to my issue。但这对我来说仍然看起来很混乱,因为我还没有在标题中使用Access-Control-Allow-Credentials标志?有没有人有这方面的想法?