Cors Access-Control-Allow-Headers通配符被忽略? [英] Cors Access-Control-Allow-Headers wildcard being ignored?
问题描述
我无法使用chrome来使跨域cors请求正常工作。
请求标题:
接受:* / *
Accept-Charset:ISO-8859-1,utf-8; q = 0.7,*; q = 0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en ; q = 0.8
访问控制请求标头:origin,content-type
访问控制请求方法:POST
连接:keep-alive
用户代理:Mozilla / 5.0(Macintosh; Intel Mac OS X 10_8_2)AppleWebKit / 537.4(KHTML,like Gecko)Chrome / 22.0.1229.94 Safari / 537.4
响应头:
访问控制允许标头:*
访问-Control-Allow-Origin:*
允许:GET,POST,OPTIONS
Content-Length:0
Date:Tue,30 Oct 2012 20:04:28 GMT
:BaseHTTP / 0.3 Python / 2.7.3
错误:
XMLHttpRequest无法加载域。请求头字段Content-Type不被Access-Control-Allow-Headers允许。
服务选项请求的python代码是:
self.send_response(200)
self.send_header('Allow','GET,POST,OPTIONS')
self.send_header
self.send_header('Content-Length','0','''''''')
self.send_header('Access-Control-Allow-Headers',' )
self.end_headers()
似乎Access-Control-Allow-Origin通配符
Access-Control-Allow-Headers $>中的通配符支持 c $ c>标题仅在2016年5月添加到生活标准,因此可能不受所有支持浏览器。在尚未实现此功能的浏览器上,必须完全匹配: https://www.w3.org/TR/2014/REC-cors-20140116/#access-control-allow-headers-response-header
如果你希望有大量的头,你可以读取 Access-Control-Request-Headers
头的值,并回送该值在 Access-Control-Allow-Headers
标头中。
I am having trouble getting a cross domain cors request to work correctly using chrome.
Request Headers:
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:origin, content-type
Access-Control-Request-Method:POST
Connection:keep-alive
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4
Response headers:
Access-Control-Allow-Headers:*
Access-Control-Allow-Origin:*
Allow:GET, POST, OPTIONS
Content-Length:0
Date:Tue, 30 Oct 2012 20:04:28 GMT
Server:BaseHTTP/0.3 Python/2.7.3
Error:
XMLHttpRequest cannot load domain. Request header field Content-Type is not allowed by Access-Control-Allow-Headers.
And the python code serving the options request is:
self.send_response(200)
self.send_header('Allow', 'GET, POST, OPTIONS')
self.send_header('Access-Control-Allow-Origin', '*')
self.send_header('Access-Control-Allow-Headers', '*')
self.send_header('Content-Length', '0')
self.end_headers()
It seems the Access-Control-Allow-Origin wildcard is being ignored?
Support for wildcards in the Access-Control-Allow-Headers
header was added to the living standard only in May 2016, so it may not be supported by all browsers. On browser which don't implement this yet, it must be an exact match: https://www.w3.org/TR/2014/REC-cors-20140116/#access-control-allow-headers-response-header
If you expect a large number of headers, you can read in the value of the Access-Control-Request-Headers
header and echo that value back in the Access-Control-Allow-Headers
header.
这篇关于Cors Access-Control-Allow-Headers通配符被忽略?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!