我不确定是否可以这样做,但我不是这方面的专家。
我在Chrome上开发了一个可以显示仪表板的插件。这种情况是这样的。
我访问网站website-a.com并点击该插件,该插件通过AJAX向后端服务发出请求,这是我得到的回复。
access-control-allow-origin:http://www.website-a.com <<- Here
access-control-expose-headers:WWW-Authenticate,Server-Authorization
cache-control:max-age=300
Connection:keep-alive
content-encoding:gzip
Content-Type:application/json; charset=utf-8
Date:Thu, 18 Feb 2016 23:08:11 GMT
Expires:Thu, 18 Feb 2016 23:13:11 GMT
transfer-encoding:chunked
这是标准回复。现在,如果我访问website-b.com,响应会被缓存,所以我仍然会在website-b.com上收到来自website-a.com的回复
access-control-allow-origin:http://www.website-a.com <<- Here
access-control-expose-headers:WWW-Authenticate,Server-Authorization
cache-control:max-age=300
Connection:keep-alive
content-encoding:gzip
Content-Type:application/json; charset=utf-8
Date:Thu, 18 Feb 2016 23:08:11 GMT
Expires:Thu, 18 Feb 2016 23:13:11 GMT
transfer-encoding:chunked
这会导致CORS问题。有没有办法不缓存access-control-allow-origin?