我正在向启用了CORS的端点发送请求,并通过javascript调试器控制台查看以下标头:
Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept, X-Username, X-Password, X-Auth-Token
Access-Control-Allow-Methods:GET,POST
Access-Control-Allow-Origin:*
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Length:0
Date:Fri, 19 Jan 2018 00:10:04 GMT
Expires:0
Pragma:no-cache
X-Auth-Token:re6X3wiUlbZMiN0443u1E5OmCa1zad0UAI6ygDCRqj8=
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-Something:Value
X-XSS-Protection:1; mode=block
我在服务器上设置它们,这是预期的。
当我用fetch打印它们时
fetch("http://localhost:8080/api/1.0/data/people",
{
mode: 'cors',
method: "POST",
body: data,
headers: {
'X-Username': 'e4080',
'X-Password': 'e4080',
'Accept': 'application/json',
'Content-Type': 'application/json',
}
})
.then(function (res) {
var hdr = ""
for (var pair of res.headers.entries()) {
console.log(pair[0]+ ': '+ pair[1]);
}
})
我只能得到这个:
cache-control: no-cache, no-store, max-age=0, must-revalidate
auth-actions.js:103 expires: 0
auth-actions.js:103 pragma: no-cache
为什么我看不到所有的标题?具体来说,为什么我看不到X-Auth-Token标题?