浏览器和 AJAX 响应 CORS 标头不同
我正在尝试设置一个支持 CORS 的 API,我可以通过 JavaScript 访问该 API。
我用来测试的代码是这样的:
$(function(){
get = function(url_fragment)
{
$.ajax({
url: 'my_api',
dataType: 'json',
cache: false,
success: function(data)
{
alert('success');
},
error: function(data)
{
alert('failure');
}
})
}
get('');
});
这是一个相当简单的 AJAX 请求。
我已经在我的 nginx 配置中启用了 CORS
add_header Access-Control-Allow-Origin *;
并且当在浏览器中访问 API 时,firebug 显示了预期的标头
Access-Control-Allow-Origin *
Connection keep-alive
Content-Length 59
Content-Type application/json;charset=utf-8
Server nginx/1.0.11 + Phusion Passenger 3.0.11 (mod_rails/mod_rack)
Status 200
X-Frame-Options sameorigin
X-Powered-By Phusion Passenger (mod_rails/mod_rack) 3.0.11
X-XSS-Protection 1; mode=block
当我在 firebug 中查看 XHR 请求时,CORS 标头不存在:
Connection keep-alive
Content-Encoding gzip
Content-Type text/plain
Server nginx/1.0.11 + Phusion Passenger 3.0.11 (mod_rails/mod_rack)
Status 403
Transfer-Encoding chunked
X-Frame-Options sameorigin
X-Powered-By Phusion Passenger (mod_rails/mod_rack) 3.0.11
我在使用 时确实收到了正确的标头不用
$ curl -i my_api
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.11
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Length: 61
Server: nginx/1.0.11 + Phusion Passenger 3.0.11 (mod_rails/mod_rack)
Access-Control-Allow-Origin: *
说,我很困惑为什么这不起作用,有什么想法吗?
I'm trying to setup a CORS enabled API that I can access via JavaScript.
The code I'm using to test is this:
$(function(){
get = function(url_fragment)
{
$.ajax({
url: 'my_api',
dataType: 'json',
cache: false,
success: function(data)
{
alert('success');
},
error: function(data)
{
alert('failure');
}
})
}
get('');
});
It's a fairly simple AJAX request.
I've enabled CORS in my nginx config
add_header Access-Control-Allow-Origin *;
And when visiting the API in my browser, firebug shows the expected headers
Access-Control-Allow-Origin *
Connection keep-alive
Content-Length 59
Content-Type application/json;charset=utf-8
Server nginx/1.0.11 + Phusion Passenger 3.0.11 (mod_rails/mod_rack)
Status 200
X-Frame-Options sameorigin
X-Powered-By Phusion Passenger (mod_rails/mod_rack) 3.0.11
X-XSS-Protection 1; mode=block
When I view the XHR request in firebug the CORS header isn't present:
Connection keep-alive
Content-Encoding gzip
Content-Type text/plain
Server nginx/1.0.11 + Phusion Passenger 3.0.11 (mod_rails/mod_rack)
Status 403
Transfer-Encoding chunked
X-Frame-Options sameorigin
X-Powered-By Phusion Passenger (mod_rails/mod_rack) 3.0.11
I do receieve the correct headers when using curl
$ curl -i my_api
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.11
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Length: 61
Server: nginx/1.0.11 + Phusion Passenger 3.0.11 (mod_rails/mod_rack)
Access-Control-Allow-Origin: *
Needless to say, I'm confused as to why this isn't working, any ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
add_header 仅适用于新的状态代码(200、204、301、302 或 304)。缺少标头的响应是 403,因此 add_header 将不起作用。第三方 headers more 模块更加灵活,可以为任何状态代码添加标头。
add_header only works with a new status codes (200, 204, 301, 302 or 304). The response missing the header is a 403, so add_header won't work. The third party headers more module is more flexible, and can add headers for any status code.