【发布时间】:2016-04-26 09:39:58
【问题描述】:
我有一个非常奇怪的问题。我有一个 Web 服务构建,其中包含一个简单的 Perl CGI 脚本作为 API 的包装器(以允许受限的跨源控制)。
无论如何,为了允许跨域请求,我设置了这些标头:
Content-Type: text/plain
Access-Control-Allow-Origin: $origin
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Accept-Language, Content-Language
Content-Security-Policy: connect-src *
X-Content-Security-Policy: connect-src *
X-WebKit-CSP: connect-src *
Access-Control-Max-Age: 1728000
Vary: Accept-Encoding, Origin
在哪里my $origin = $ENV{HTTP_ORIGIN} // '*';。
当脚本请求预期的资源时,来自 Wrapper 的响应如下(从 Firefox 复制):
HTTP/1.1 200 OK
Date: Wed, 20 Jan 2016 12:54:48 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Accept-Language, Content-Language
content-security-policy: connect-src *, frame-ancestors 'self'
X-Content-Security-Policy: connect-src *
X-WebKit-CSP: connect-src *
Access-Control-Max-Age: 1728000
Vary: Accept-Encoding,Origin
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain
浏览器给我以下错误:
XMLHttpRequest cannot load http://www.example.com/cgi-bin/wrapper.pl. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://example2.com' is therefore not allowed access.`
我还使用curl 和Postman 测试了调用,但这按预期工作。
问题是所有浏览器似乎都忽略了Access-Control-Allow-Origin 标头,即使他已设置。
【问题讨论】:
标签: javascript apache perl http-headers xmlhttprequest