如何从跨域 Ajax 请求访问 Content-Length 标头?
我的 JavaScript 应用程序需要在使用 Ajax 下载资源之前确定资源的长度。通常这不是问题,您只需发出 HEAD 请求并提取 Content-Length
即可。
var xhr = $.ajax({type:"HEAD", url: "http://own-domain/file.html"})
xhr.getResponseHeader("Content-Length")
// "2195"
但是,资源存储在与客户端不同的服务器上。 (我控制的服务器)。因此,我使用 CORS 发出跨域 ajax 请求,并设置服务器来响应 HEAD 请求和带有自定义标头的 GET/POST 请求的预检请求。
这在主要方面工作得很好,但在使用 CORS 时,我似乎找不到从 HEAD 响应中提取 Content-Length
的方法:
var xhr = $.ajax({type:"HEAD", url: "http://other-domain/file.html"})
xhr.getResponseHeader("Content-Length")
// ERROR: Refused to get unsafe header "Content-Length"
我已经尝试过在预检或中设置各种标头在响应中,例如
Access-Control-Expose-Headers: Content-Length
规范似乎建议应该使其可用。但无论我做什么,我似乎都无法使 Content-Length 标头可供客户端使用。有什么建议吗?
(铬8)
My JavaScript application needs to determine the length of a resource before downloading it with Ajax. Ordinarily this is not a problem, you just make a HEAD request and extract the Content-Length
.
var xhr = $.ajax({type:"HEAD", url: "http://own-domain/file.html"})
xhr.getResponseHeader("Content-Length")
// "2195"
However, the resources are stored on a different server to the client. (A server I control). So I'm using CORS to make cross domain ajax requests, and have set up the server to respond to preflighting requests for HEAD requests and GET/POST requests with custom headers.
That is working great in the main, but I can't seem to find a way extract the Content-Length
from the HEAD response when working with CORS:
var xhr = $.ajax({type:"HEAD", url: "http://other-domain/file.html"})
xhr.getResponseHeader("Content-Length")
// ERROR: Refused to get unsafe header "Content-Length"
I have experimented with setting various headers in the preflighting or in the response, such as
Access-Control-Expose-Headers: Content-Length
which the specification seems to suggest should make it available. But no matter what I do, I can't seem to make the Content-Length header available to the client. Any suggestions?
(Chrome 8)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我遇到了同样的问题,直到我在其他地方找到一个线程,教我在我的 .htaccess 上添加这一行:
然后 BOOM,它得到修复。
I was having the same problem, till I found a thread somewhere else that taught me to add this line on my .htaccess:
Then BOOM, it got fixed.
我发现所有浏览器中的 CORS 响应标头支持都有问题。在 Chrome/Safari 中,我只在 getAllResponseHeaders() 的结果中看到简单的响应标头(http://www.w3.org/TR/cors/#terminology),即使“Access-Control-Expose-Headers”标头也是如此在响应中设置。在 Firefox 3.6.13 中, getAllResponseHeaders() 不返回任何内容(甚至不返回简单的响应标头)。作为一种解决方法,我想您可以重载一个简单的响应标头以包含内容长度,但这可能会导致其他问题,并且仍然无法修复 Firefox。
I've found CORS response header support in all browsers to be buggy. In Chrome/Safari, I only see simple response headers (http://www.w3.org/TR/cors/#terminology) in the result of getAllResponseHeaders(), even when the "Access-Control-Expose-Headers" header is set in the response. And in Firefox 3.6.13, getAllResponseHeaders() doesn't return anything (not even simple response headers). As a workaround, I suppose you could overload one of the simple response headers to include the content-length, but that may cause other issues, and still wouldn't fix Firefox.