Cors Access-Control-Allow-Headers通配符被忽略？ [英] Cors Access-Control-Allow-Headers wildcard being ignored?

问题描述

我无法使用chrome来使跨域cors请求正常工作。

请求标题：

 接受：* / * 
 Accept-Charset：ISO-8859-1，utf-8; q = 0.7，*; q = 0.3 
 Accept-Encoding：gzip，deflate，sdch 
 Accept-Language：en-US，en ; q = 0.8 
访问控制请求标头：origin，content-type 
访问控制请求方法：POST 
连接：keep-alive 
用户代理：Mozilla / 5.0（Macintosh; Intel Mac OS X 10_8_2）AppleWebKit / 537.4（KHTML，like Gecko）Chrome / 22.0.1229.94 Safari / 537.4 
  

响应头：

 访问控制允许标头：* 
访问-Control-Allow-Origin：* 
允许：GET，POST，OPTIONS 
 Content-Length：0 
 Date：Tue，30 Oct 2012 20:04:28 GMT 
 ：BaseHTTP / 0.3 Python / 2.7.3 
  

错误：

  XMLHttpRequest无法加载域。请求头字段Content-Type不被Access-Control-Allow-Headers允许。 
  

服务选项请求的python代码是：

  self.send_response（200）
 self.send_header（'Allow'，'GET，POST，OPTIONS'）
 self.send_header 
 self.send_header（'Content-Length'，'0'，''''''''）
 self.send_header（'Access-Control-Allow-Headers'，' ）
 self.end_headers（）
  

似乎Access-Control-Allow-Origin通配符

Access-Control-Allow-Headers 中的通配符支持 c $ c>标题仅在2016年5月添加到生活标准，因此可能不受所有支持浏览器。在尚未实现此功能的浏览器上，必须完全匹配： https://www.w3.org/TR/2014/REC-cors-20140116/#access-control-allow-headers-response-header

如果你希望有大量的头，你可以读取 Access-Control-Request-Headers 头的值，并回送该值在 Access-Control-Allow-Headers 标头中。

I am having trouble getting a cross domain cors request to work correctly using chrome.

Request Headers:

Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:origin, content-type
Access-Control-Request-Method:POST
Connection:keep-alive
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4

Response headers:

Access-Control-Allow-Headers:*
Access-Control-Allow-Origin:*
Allow:GET, POST, OPTIONS
Content-Length:0
Date:Tue, 30 Oct 2012 20:04:28 GMT
Server:BaseHTTP/0.3 Python/2.7.3

Error:

XMLHttpRequest cannot load domain. Request header field Content-Type is not allowed by Access-Control-Allow-Headers.

And the python code serving the options request is:

self.send_response(200)
self.send_header('Allow', 'GET, POST, OPTIONS')
self.send_header('Access-Control-Allow-Origin', '*')
self.send_header('Access-Control-Allow-Headers', '*')
self.send_header('Content-Length', '0')
self.end_headers()

It seems the Access-Control-Allow-Origin wildcard is being ignored?

解决方案

Support for wildcards in the Access-Control-Allow-Headers header was added to the living standard only in May 2016, so it may not be supported by all browsers. On browser which don't implement this yet, it must be an exact match: https://www.w3.org/TR/2014/REC-cors-20140116/#access-control-allow-headers-response-header

If you expect a large number of headers, you can read in the value of the Access-Control-Request-Headers header and echo that value back in the Access-Control-Allow-Headers header.

这篇关于Cors Access-Control-Allow-Headers通配符被忽略？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！