跨域问题。从HTTP到相同的域HTTPS。
服务器需要X-Requested-With标头,所以我在jQuery ajax选项中设置它:
'headers': {'X-Requested-With': 'XMLHttpRequest'}
jQuery然后发送OPTION:
OPTIONS /my/test/ HTTP/1.1
Host: www.my.dev
Origin: http://www.my.dev
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with
服务器响应:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: x-requested-with
Access-Control-Allow-Credentials: true
然后jQuery发送“实际”请求:
POST /my/test/ HTTP/1.1
Host: www.test.dev
X-Requested-With: XMLHttpRequest
Origin: http://www.test.dev
缺少Cookie标头!
服务器响应:
HTTP/1.1 403 Forbidden
Content-Type: application/json
Set-Cookie: SESSID=3tg8svt3lrv97v155uv2kqr3o2; expires=Sat, 25-Apr-2015 17:35:13 GMT; Max-Age=259200; path=/
添加
'xhrFields': {
'withCredentials': true
},
'crossDomain': {
'crossDomain': true
},
到jQuery ajax选项导致jQuery根本不发送实际请求,只有OPTIONS。
如何发送cookie? 至少有人确认cookie是以类似的设置发送的吗?
答案 0 :(得分:1)
让它发挥作用。
一些重要的注释:
crossDomain似乎没有做任何事情withCredentials但在Access-Control-Allow-Credentials响应中没有OPTIONS,则表示未提出实际请求withCredentials,jQuery不会发送Cookie标题Cookie,则服务器不会发送Access-Control-Allow-Origin和Access-Control-Allow-Credentials标题Access-Control-Allow-Origin和Access-Control-Allow-Credentials标头 - 否则jQuery不解析响应正文(尽管它看到响应代码和所有标题都正常)并抛出控制台错误PS