CORS接入控制允许头通配符被忽略？ [英] Cors Access-Control-Allow-Headers wildcard being ignored?

问题描述

我有麻烦跨域CORS请求使用Chrome正常工作。

I am having trouble getting a cross domain cors request to work correctly using chrome.

请求报头：

Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:origin, content-type
Access-Control-Request-Method:POST
Connection:keep-alive
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4

响应头：

Access-Control-Allow-Headers:*
Access-Control-Allow-Origin:*
Allow:GET, POST, OPTIONS
Content-Length:0
Date:Tue, 30 Oct 2012 20:04:28 GMT
Server:BaseHTTP/0.3 Python/2.7.3

错误：

XMLHttpRequest cannot load domain. Request header field Content-Type is not allowed by Access-Control-Allow-Headers.

和服务选项请求蟒蛇code是：

And the python code serving the options request is:

self.send_response(200)
self.send_header('Allow', 'GET, POST, OPTIONS')
self.send_header('Access-Control-Allow-Origin', '*')
self.send_header('Access-Control-Allow-Headers', '*')
self.send_header('Content-Length', '0')
self.end_headers()

看来访问控制允许来源通配符被忽略？

It seems the Access-Control-Allow-Origin wildcard is being ignored?

推荐答案

的接入控制允许标题头不允许通配符。它必须是完全匹配：<一href=\"http://www.w3.org/TR/cors/#access-control-allow-headers-response-header\">http://www.w3.org/TR/cors/#access-control-allow-headers-response-header

The Access-Control-Allow-Headers header does not allow wildcards. It must be an exact match: http://www.w3.org/TR/cors/#access-control-allow-headers-response-header

如果您预计会有大量的头，你可以在访问控制请求报头头的值读取和回声的价值早在接入控制允许标题头。

If you expect a large number of headers, you can read in the value of the Access-Control-Request-Headers header and echo that value back in the Access-Control-Allow-Headers header.

这篇关于CORS接入控制允许头通配符被忽略？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！