如何获得一个跨域资源共享（CORS）职位要求的工作 [英] How to get a cross-origin resource sharing (CORS) post request working

问题描述

我有一台机器在我的本地局域网（machineA的），有两个Web服务器。首先是内置之一，XBMC（8080端口），并显示我们的图书馆。第二个服务器是CherryPy的Python脚本（8081端口），我使用触发点播文件的转换。文件转换是通过从XBMC服务器提供的页面上一个的AJAX POST请求触发

I have a machine on my local lan (machineA) that has two web servers. The first is the in-built one in XBMC (on port 8080) and displays our library. The second server is a CherryPy python script (port 8081) that I am using to trigger a file conversion on demand. The file conversion is triggered by a AJAX POST request from the page served from the XBMC server.

• 转到的http：// machineA的：8080 它显示库
• 在显示库
• 在用户点击转换链接，发出以下命令 -

• Goto http://machineA:8080 which displays library
• Library is displayed
• User clicks on 'convert' link which issues the following command -

jQuery的Ajax请求

jQuery Ajax Request

$.post('http://machineA:8081', {file_url: 'asfd'}, function(d){console.log(d)})

• 在浏览器以以下的头一个HTTP OPTIONS请求;

请求头 - 选项

Host: machineA:8081
User-Agent: ... Firefox/4.01
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Origin: http://machineA:8080
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with

• 在服务器与下列响应;

响应头 - OPTIONS（STATUS = 200 OK）

Content-Length: 0
Access-Control-Allow-Headers: *
Access-Control-Max-Age: 1728000
Server: CherryPy/3.2.0
Date: Thu, 21 Apr 2011 22:40:29 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/html;charset=ISO-8859-1

• 谈话，然后停止。浏览器，在理论上，发出POST请求的服务器用正确的回应CORS头（访问控制 - 允许 - 产地：*）（？）

有关疑难解答，我还签发了一份来自 http://jquery.com 同一$。员额命令。这是我难倒，从jquery.com，POST请求的工作原理，通过后下一个OPTIONS请求被发送。从这次交易的头是以下;

For troubleshooting, I have also issued the same $.post command from http://jquery.com. This is where I am stumped, from jquery.com, the post request works, a OPTIONS request is sent following by a POST. The headers from this transaction are below;

请求头 - 选项

Host: machineA:8081
User-Agent: ... Firefox/4.01
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Origin: http://jquery.com
Access-Control-Request-Method: POST

响应头 - OPTIONS（STATUS = 200 OK）

Content-Length: 0
Access-Control-Allow-Headers: *
Access-Control-Max-Age: 1728000
Server: CherryPy/3.2.0
Date: Thu, 21 Apr 2011 22:37:59 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/html;charset=ISO-8859-1

请求头 - POST

Host: machineA:8081
User-Agent: ... Firefox/4.01
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://jquery.com/
Content-Length: 12
Origin: http://jquery.com
Pragma: no-cache
Cache-Control: no-cache

响应头 - POST（STATUS = 200 OK）

Content-Length: 32
Access-Control-Allow-Headers: *
Access-Control-Max-Age: 1728000
Server: CherryPy/3.2.0
Date: Thu, 21 Apr 2011 22:37:59 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/json

我想不通，为什么同样的请求，将工作从一个网站，而不是其他。我希望有人也许能够指出我错过了什么。感谢您的帮助！

I can't work out why the same request would work from one site, but not the other. I am hoping someone might be able to point out what I am missing. Thanks for your help!

推荐答案

在这个环节<我终于迷迷糊糊一href="http://stackoverflow.com/questions/5584923/a-cors-post-request-works-from-plain-javascript-but-why-not-with-jquery">A CORS POST请求的工作从简单的JavaScript，但为什么不使用jQuery？是指出的jQuery 1.5.1添加

I finally stumbled upon this link "A CORS POST request works from plain javascript, but why not with jQuery?" that notes that jQuery 1.5.1 adds the

 Access-Control-Request-Headers: x-requested-with

标题，所有的CORS请求。 jQuery的1.5.2并没有做到这一点。另外，根据同样的问题，设置了一个服务器响应头

header to all CORS requests. jQuery 1.5.2 does not do this. Also, according to the same question, setting a server response header of

Access-Control-Allow-Headers: *

不允许响应继续。您需要确保的响应头具体包括所需的标题。即：

does not allow the response to continue. You need to ensure the response header specifically includes the required headers. ie:

Access-Control-Allow-Headers: x-requested-with 

这篇关于如何获得一个跨域资源共享（CORS）职位要求的工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！