jQuery CORS将GET转换为OPTIONS调用 [英] jQuery CORS turns GET into OPTIONS call

问题描述

这是我使用的示例代码

    $.ajax({
        type: "get",
        url: "http://myserver.com",
        beforeSend: function (xhr, data) {
            xhr.setRequestHeader("Authorization", "xxxx");
        }
});

当我检查这个调用在firebug我看到OPTIONS和我看不到授权代码请求标题。
CORS标题已添加到服务器端。

when I inspect this call in firebug I see OPTIONS and also I can't see Authorization code in request header. CORS headers has been added to server side.

    response.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, x-requested-with");
    response.addHeader("Access-Control-Max-Age", "60"); 
    response.addHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
    response.addHeader("Access-Control-Allow-Origin", "*");     
    response.addHeader("Access-Control-Allow-Credentials", "true"); 

如果可以执行这样的查询，建议使用纯jQuery。

Idea is to use pure jQuery if it's possible to perform such a queries.

推荐答案

由于您正在发送跨源Ajax请求并指定具有此GET请求的授权头，因此预检（OPTIONS）正在发生。

The preflight (OPTIONS) is occurring due to the fact that you are sending a cross-origin ajax request AND specifying an Authorization header with this GET request.

此外（这不是一个问题）我建议删除 contentType 选项。这在GET请求的上下文中没有意义。 GET请求不应包含任何内容。所有数据都应包含在查询字符串中，或​​者可能包含标题。

Also (this is not causing an issue) I would suggest removing the contentType option. This doesn't make sense in the context of a GET request. A GET request should not have any content. All data should be included in the query string or, possibly, headers.

授权标题不会与OPTIONS一起发送。您必须在服务器端确认，然后浏览器将发送基础GET。有关CORS的详情，请访问 https://developer.mozilla.org/en-US/ docs / HTTP / Access_control_CORS 。

The Authorization header will not be sent with the OPTIONS. You must acknowledge it server-side, and then the browser will send the underlying GET. Read more about CORS at https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS.

这篇关于jQuery CORS将GET转换为OPTIONS调用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！