【发布时间】:2014-11-27 15:27:29
【问题描述】:
我有一段简单的代码,它使用 Yammer JavaScript api 在 Yammer 上查找用户可用的组,它看起来有点像这样:
yam.platform.request({
url: "groups.json?mine=1",
method: "GET",
success: function (data) {
callback(data);
},
error: function (error) {
console.log(error);
},
});
调用经过仔细包装,因此每个页面请求只发生一次,但它似乎完全任意地成功或失败。响应如下所示:
Response Headers
Cache-Control:no-cache
Connection:keep-alive
Content-Type:application/json; charset=utf-8
Date:Wed, 26 Nov 2014 17:32:42 GMT
P3P:CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Server:nginx
Status:429
Transfer-Encoding:chunked
X-Date:1417023162896
X-Runtime:0.032459
X-UA-Compatible:IE=Edge,chrome=1
或者像这样:
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:https://my-access-origin.sharepoint.com
Access-Control-Expose-Headers:content-type, network_id, authorization, x-csrf-token, www-authenticate, x-xss-protection, ETag
Cache-Control:max-age=0, private, must-revalidate
Connection:keep-alive
Content-Type:application/json; charset=utf-8
Date:Thu, 27 Nov 2014 12:17:38 GMT
ETag:"123a45b67cd89ef01234ab45cd67ef"
P3P:CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Server:nginx
Status:200 OK
Strict-Transport-Security:max-age=31536000; includeSubDomains
Transfer-Encoding:chunked
X-Content-Type-Options:nosniff
X-Date:1417090658344
X-Robots-Tag:none
X-Runtime:0.066098
X-UA-Compatible:IE=Edge,chrome=1
X-XSS-Protection:1; mode=block
在前一种情况下,我在开发工具的“网络”面板中看到如下所示的错误消息:
XMLHttpRequest 无法加载 https://api.yammer.com/api/v1/groups.json?mine=1&&_=123456。不 'Access-Control-Allow-Origin' 标头出现在请求的 资源。原点“https://my-access-origin.sharepoint.com”是 因此不允许访问。响应的 HTTP 状态代码为 429。
由于几个原因,这没有意义 - 首先,请求在这两种情况下完全相同,其次,我收到“429 Too Many Requests”作为状态代码,但有一个明确的报告表明应设置 Access-Control-Allow_origin 标头。它从不在我的请求中,但它似乎在成功的响应中。
谁能解释这是怎么回事?
【问题讨论】:
标签: javascript rest yammer