Cross Domain Resource Sharing GET: 'refused to get unsafe header "etag"' from Response
Problem description
A simple GET request with no custom headers. The response is returned as expected. The data in the body is accessible, but not the headers.
When I try to access the "etag" header, browsers raise an exception:
Refused to get unsafe header "etag"
Chrome, Safari and Firefox all behave the same. I didn't test it on IE.
What am I missing here?
Recommended answer
Only simple response headers are exposed when using CORS. Simple response headers are defined here. ETag is not a simple response header. If you want to expose non-simple headers, you need to set the Access-Control-Expose-Headers header, like so:
Access-Control-Expose-Headers: ETag
However, note that I've noticed bugs in Chrome, Safari and Firefox that prevent non-simple headers from being exposed correctly. This may be fixed by now, I'm not sure.
You shouldn't need to do a preflight request, since preflight is only required for non-GET/POST HTTP methods or non-simple request headers (and you are asking about response headers).
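The filtering described in the answer, as an added example that is not part of the original post: a small model of which response headers script can read on a cross-origin response that has already passed the CORS origin check. It goes slightly beyond the answer by also covering the `*` wildcard (honoured only for requests without credentials) and `Set-Cookie`, which is never exposed; the function names and sample headers are constructed for illustration.

```javascript
// Added illustration: models the header filter a browser applies to a
// cross-origin response. Names and sample data are constructed.

// Simple response headers as listed in the W3C CORS recommendation.
const SIMPLE_RESPONSE_HEADERS = new Set([
  "cache-control", "content-language", "content-type",
  "expires", "last-modified", "pragma",
]);
// Never readable by script, whatever the server lists.
const FORBIDDEN_RESPONSE_HEADERS = new Set(["set-cookie", "set-cookie2"]);

// Parse an Access-Control-Expose-Headers value into lowercase names.
function parseExposeHeaders(value) {
  return new Set(
    (value || "").split(",").map((n) => n.trim().toLowerCase()).filter(Boolean)
  );
}

// Return the subset of `headers` that script may read.
// "*" acts as a wildcard only when the request carried no credentials.
function readableHeaders(headers, { withCredentials = false } = {}) {
  const lower = {};
  for (const [k, v] of Object.entries(headers)) lower[k.toLowerCase()] = v;
  const exposed = parseExposeHeaders(lower["access-control-expose-headers"]);
  const wildcard = exposed.has("*") && !withCredentials;
  const out = {};
  for (const [name, value] of Object.entries(lower)) {
    if (FORBIDDEN_RESPONSE_HEADERS.has(name)) continue;
    if (SIMPLE_RESPONSE_HEADERS.has(name) || exposed.has(name) || wildcard) {
      out[name] = value;
    }
  }
  return out;
}

// Constructed sample responses: the question's case, then the answer's fix.
const withoutExpose = { "Content-Type": "application/json", "ETag": '"abc123"' };
const withExpose = { ...withoutExpose, "Access-Control-Expose-Headers": "ETag" };

console.log(readableHeaders(withoutExpose)); // ETag is filtered out
console.log(readableHeaders(withExpose));    // ETag is readable
```

Listing only the headers the client actually needs keeps the exposed surface small; the wildcard hands every non-forbidden header to any origin the CORS policy admits.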