CORS接入控制允许头通配符被忽略? [英] Cors Access-Control-Allow-Headers wildcard being ignored?
问题描述
我有麻烦跨域CORS请求使用Chrome正常工作。
I am having trouble getting a cross domain cors request to work correctly using chrome.
请求报头:
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:origin, content-type
Access-Control-Request-Method:POST
Connection:keep-alive
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4
响应头:
Access-Control-Allow-Headers:*
Access-Control-Allow-Origin:*
Allow:GET, POST, OPTIONS
Content-Length:0
Date:Tue, 30 Oct 2012 20:04:28 GMT
Server:BaseHTTP/0.3 Python/2.7.3
错误:
XMLHttpRequest cannot load domain. Request header field Content-Type is not allowed by Access-Control-Allow-Headers.
和服务选项请求蟒蛇code是:
And the python code serving the options request is:
self.send_response(200)
self.send_header('Allow', 'GET, POST, OPTIONS')
self.send_header('Access-Control-Allow-Origin', '*')
self.send_header('Access-Control-Allow-Headers', '*')
self.send_header('Content-Length', '0')
self.end_headers()
看来访问控制允许来源通配符被忽略?
It seems the Access-Control-Allow-Origin wildcard is being ignored?
推荐答案
的接入控制允许标题
头不允许通配符。它必须是完全匹配:<一href=\"http://www.w3.org/TR/cors/#access-control-allow-headers-response-header\">http://www.w3.org/TR/cors/#access-control-allow-headers-response-header
The Access-Control-Allow-Headers
header does not allow wildcards. It must be an exact match: http://www.w3.org/TR/cors/#access-control-allow-headers-response-header
如果您预计会有大量的头,你可以在访问控制请求报头
头的值读取和回声的价值早在接入控制允许标题
头。
If you expect a large number of headers, you can read in the value of the Access-Control-Request-Headers
header and echo that value back in the Access-Control-Allow-Headers
header.
这篇关于CORS接入控制允许头通配符被忽略?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!