CORS Access-Control-Allow-Headers 通配符被忽略? [英] CORS Access-Control-Allow-Headers wildcard being ignored?
问题描述
我无法使用 Chrome 获取跨域 CORS 请求以正常工作.
I am having trouble getting a cross domain CORS request to work correctly using Chrome.
请求头:
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:origin, content-type
Access-Control-Request-Method:POST
Connection:keep-alive
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4
响应头:
Access-Control-Allow-Headers:*
Access-Control-Allow-Origin:*
Allow:GET, POST, OPTIONS
Content-Length:0
Date:Tue, 30 Oct 2012 20:04:28 GMT
Server:BaseHTTP/0.3 Python/2.7.3
错误:
XMLHttpRequest cannot load domain. Request header field Content-Type is not allowed by Access-Control-Allow-Headers.
服务选项请求的python代码是:
And the python code serving the options request is:
self.send_response(200)
self.send_header('Allow', 'GET, POST, OPTIONS')
self.send_header('Access-Control-Allow-Origin', '*')
self.send_header('Access-Control-Allow-Headers', '*')
self.send_header('Content-Length', '0')
self.end_headers()
Access-Control-Allow-Origin 通配符似乎被忽略了?
It seems the Access-Control-Allow-Origin wildcard is being ignored?
推荐答案
Access-Control-Allow-Headers 标头中对通配符的支持是 仅在 2016 年 5 月添加到生活标准,因此可能并非所有浏览器都支持.在尚未实现此功能的浏览器上,它必须完全匹配:https://www.w3.org/TR/2014/REC-cors-20140116/#access-control-allow-headers-response-header
Support for wildcards in the Access-Control-Allow-Headers header was added to the living standard only in May 2016, so it may not be supported by all browsers. On browser which don't implement this yet, it must be an exact match: https://www.w3.org/TR/2014/REC-cors-20140116/#access-control-allow-headers-response-header
如果您期望有大量标头,您可以读入 Access-Control-Request-Headers 标头的值并将该值回显到 Access-Control-Allow-标题 标题.
If you expect a large number of headers, you can read in the value of the Access-Control-Request-Headers header and echo that value back in the Access-Control-Allow-Headers header.
这篇关于CORS Access-Control-Allow-Headers 通配符被忽略?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
