跨域资源共享 GET:“拒绝获取不安全标头‘etag’”来自回应
没有自定义标头的简单 GET 请求。响应按预期返回。正文中的数据是可访问的,但标头则不可访问。
当我尝试访问“etag”标头时,浏览器引发异常:
拒绝获取不安全标头“etag”
Chrome、Safari 和 Firefox 的行为均相同。我没有在IE上测试过。
我在这里缺少什么?
A simple GET request with no custom headers. The response is returned as expected. The data in the body is accessible, but not the headers.
When I try to access the "etag" header, browsers raise an exception :
Refused to get unsafe header "etag"
Chrome, Safari and Firefox all behave the same. I didn't test it on IE.
What am I missing here?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
使用 CORS 时仅公开简单的响应标头。简单响应标头在此处定义。
ETag不是一个简单的响应头。如果要公开非简单标头,则需要设置Access-Control-Expose-Headers标头,如下所示:但是,请注意,我注意到 Chrome、Safari 和 Firefox 中存在以下错误:防止非简单标头正确暴露。这个问题现在可能已经解决了,我不确定。
您不需要执行预检请求,因为只有非 GET/POST http 方法或非简单请求标头才需要预检(并且您正在询问响应 标题)。
Only simple response headers are exposed when using CORS. Simple response headers are defined here.
ETagis not a simple response headers. If you want to expose non-simple headers, you need to set theAccess-Control-Expose-Headersheader, like so:However, note that I've noticed bugs in Chrome, Safari and Firefox that prevent non-simple headers from being exposed correctly. This may be fixed by now, I'm not sure.
You shouldn't need to do a preflight request, since preflight is only required for non-GET/POST http methods or non-simple request headers (and you are asking about response headers).
您是否尝试过 AJAX 2.0(跨域共享)是 W3C 最近推出的一种方法:http://www.w3.org/TR/XMLHttpRequest2/#ref-cors
还有另一种方法可以做到这一点,称为 JSON-P,它就像 JSON 请求,但你可以使用它对于跨域: http://en.wikipedia.org/wiki/JSONP
两者都可以如果设置不正确,对网站所有者来说非常危险。所以使用时一定要小心。
[附注]
不确定这是否有帮助:http://www.w3.org/Protocols/ rfc2616/rfc2616-sec14.html
Have you ever tried AJAX 2.0 (Cross domain sharing) is a methodology fairly recently brought out by W3C: http://www.w3.org/TR/XMLHttpRequest2/#ref-cors
Also there is another way of doing this, which is called JSON-P, it's like a JSON request, but you can use it for cross-domains: http://en.wikipedia.org/wiki/JSONP
Both can be very dangerous to the site owners if not setup correctly though. So do be careful when using it.
[PS]
Not sure if this will help : http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html