CORS / xhr.getRequestHeaders

Posted on 2024-10-12 16:27:10 · 588 words · 10 views · 0 comments

Greetings,

I am trying to use CORS (http://www.w3.org/TR/2009/WD-cors-20090317/#access-control-allow-methods-header) for an application on Safari, and when I try to read the response headers from the XMLHTTPRequest, I only receive the Content-Type. None of the other quite standard headers gets through, and I cannot figure out how to get this to work.

Would anyone happen to know how to fix this issue? Could this be a WebKit bug?

Edit

Here is the config I use with nginx:

    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Headers Cache-Control,Pragma,Date;
    add_header Access-Control-Allow-Methods GET,POST;

Comments (4)

℡寂寞咖啡 2024-10-19 16:27:10

In order for headers to be exposed to JS, you need to set the Access-Control-Expose-Headers header to a comma-separated list of headers you want to expose.

Unfortunately, this header is poorly supported. Mozilla only implemented it in Firefox 4; WebKit as of this moment still does not implement it. I am not sure about IE8 and above (Google didn't turn up anything useful, and I don't have them around to test with myself).

(See also, e.g., Restrictions of XMLHttpRequest's getResponseHeader()?)
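
The filtering described in this answer, as an added example that is not part of the original thread: a simplified model of which response headers a cross-origin caller can read via `getResponseHeader()`. The function names and sample headers are constructed for illustration, and the safelist is the one from the current Fetch standard rather than the 2009 draft linked in the question.

```javascript
// Added example: simplified model of response-header visibility for cross-origin XHR/fetch.
// Header names are case-insensitive, so everything is compared in lower case.

// CORS-safelisted response headers: readable without any server opt-in.
const SAFELISTED = new Set([
  "cache-control", "content-language", "content-length",
  "content-type", "expires", "last-modified", "pragma",
]);
// Never readable from script, whatever the server lists.
const FORBIDDEN = new Set(["set-cookie", "set-cookie2"]);

function parseExposeList(value) {
  return new Set(
    (value || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean)
  );
}

// responseHeaders: plain object of header name -> value as sent on the wire.
// credentialed: true when the request carried credentials (cookies, HTTP auth).
function readableHeaders(responseHeaders, credentialed = false) {
  const headers = Object.fromEntries(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), v])
  );
  const exposed = parseExposeList(headers["access-control-expose-headers"]);
  // "*" acts as a wildcard only for requests without credentials.
  const wildcard = exposed.has("*") && !credentialed;
  return Object.keys(headers)
    .filter((name) => !FORBIDDEN.has(name))
    .filter((name) => SAFELISTED.has(name) || wildcard || exposed.has(name))
    .sort();
}

// Constructed sample: the question's headers, without and with an expose list.
const asConfigured = {
  "Content-Type": "application/json",
  "Date": "Sat, 12 Oct 2024 16:27:10 GMT",
  "Location": "/students/42",
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Headers": "Cache-Control,Pragma,Date",
};
const withExpose = { ...asConfigured, "Access-Control-Expose-Headers": "Date, Location" };

console.log(readableHeaders(asConfigured)); // [ 'content-type' ]
console.log(readableHeaders(withExpose));   // [ 'content-type', 'date', 'location' ]
```

Listing only the headers the client actually needs keeps the exposed surface small; `Access-Control-Allow-Headers` governs request headers and has no effect on what the script can read from the response.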

掩饰不了的爱 2024-10-19 16:27:10

Have you verified that your server is actually emitting the Cache-Control, Pragma and Date headers? Perhaps set up a Wireshark trace on the client to see the actual HTTP headers that are being exchanged?

心碎无痕… 2024-10-19 16:27:10

I was in the same situation yesterday. https://stackoverflow.com/users/713326/gijs gave you the right answer, but there is another part that is specific to nginx that you have to take care of.
"add_header" works only in the case where the response from a service is successful (200, 204, 301, 302 or 304). You have to do a custom build of nginx to include HttpHeadersMoreModule
(http://wiki.nginx.org/HttpHeadersMoreModule). After that, you have to replace add_header with more_set_headers.

Example:

    more_set_headers 'Access-Control-Allow-Origin: $http_origin';
    more_set_headers 'Access-Control-Allow-Credentials: false';
    more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD, PUT, PATCH, DELETE';
    more_set_headers 'Access-Control-Allow-Headers:Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept,Authorization';
    more_set_headers 'Access-Control-Expose-Headers: Location';

绅士风度i 2024-10-19 16:27:10

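REQUEST:

    // somejson is the object to send; it is defined elsewhere in the page's script.
    $.ajax({
        url: "http://localhost:8079/students/add/",
        type: "POST",
        crossDomain: true,
        data: JSON.stringify(somejson),
        dataType: "json", // jQuery parses the JSON body before calling success
        success: function (response) {
            alert(response.status);
        },
        error: function (xhr, status) {
            alert("error");
        }
    });

RESPONSE:

    # Assumes Django, which the HttpResponse usage suggests.
    import json
    from django.http import HttpResponse

    def add_student(request):  # view name is illustrative
        # Serialize a dict; dumping a pre-built JSON string would double-encode it.
        response = HttpResponse(json.dumps({"status": "success"}))
        response["Content-Type"] = "application/json"
        response["Access-Control-Allow-Origin"] = "*"
        return response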