Etag头没有从jQuery.ajax()跨来源XHR返回 [英] Etag header not returned from jQuery.ajax() cross-origin XHR
问题描述
为什么在 jqXHR.getAllResponseHeaders()
中没有返回 Etag
/ p>
运行:节点etag-server.js
(然后访问 http:// localhost :8080 /
)
etag-server.js
var fs = require('fs'),
http = require('http');
var webServer = http.createServer(function(request,response){
response.writeHead(200,{Content-Type:text / html});
response.end(fs.readFileSync('frontend.html'));
});
var apiServer = http.createServer(function(request,response){
response.writeHead(200,{
'Access-Control-Allow-Origin':'http: // localhost:8080',
'Cache-Control':'no-cache',
'Content-Type':'application / json; charset = utf-8',
' Etag':123,
'Expires':-1,
'Pragma':'no-cache'
});
response.end(JSON.stringify :[1,2,3]}));
});
webServer.listen(8080);
apiServer.listen(8081);
frontend.html
<!DOCTYPE html>
< html>
< head>
< title>没有从jQuery.ajax()跨来源XHR返回的Etag头< / title>
< script src =// code.jquery.com/jquery-1.10.2.min.jstype =text / javascript>< / script>
< script type =text / javascript>
$(document).ready(function(){
$ .ajax('// localhost:8081 /')
.done(function(data,textStatus,jqXHR){
$('pre')。text(jqXHR.getAllResponseHeaders());
})
.fail(function(jqXHR,textStatus,errorThrown){$('pre')。 );});
});
< / script>
< / head>
< body>
< pre>< / pre>
< / body>
< / html>
页面输出
Cache-Control:no-cache
Content-Type:application / json; charset = utf-8
Expires:-1
Pragma:no-cache
Etag
去了吗?他们被发送到浏览器:
HTTP / 1.1 200 OK
访问控制允许原产地: http:// localhost:8080
Cache-Control:no-cache
Content-Type:application / json; charset = utf-8
Etag:123
Expires:-1
Pragma:no-cache
日期:星期六,25 Jan 2014 02:20:47 GMT
Connection:keep-alive
Transfer-Encoding:chunked
(由Firebug报告) / p>
跨客户端代码中存在的ETag标头不能被客户端代码访问,除非服务器包含 Access-Control-Expose-Headers
头,其值为ETag。任何非简单响应头都是这样。
从 CORS spec :
7.1.1处理跨原始请求的响应
用户代理必须过滤出所有响应头,而不是那些是简单响应头或者其字段名是对Access-Control-Expose-Headers头的其中一个值不区分大小写的ASCII匹配(如果
简单的响应标题是限于:
- 缓存控制
- 内容语言
- 内容类型
- 到期
- 最后修改
- Pragma
客户端在响应中需要访问的所有其他头文件必须通过上面提到的响应标头公开。
Why is the Etag
header not being returned by jqXHR.getAllResponseHeaders()
in the following minimal example?
Run with: node etag-server.js
(then visit http://localhost:8080/
)
etag-server.js
var fs = require('fs'),
http = require('http');
var webServer = http.createServer(function (request, response) {
response.writeHead(200, {"Content-Type": "text/html"});
response.end(fs.readFileSync('frontend.html'));
});
var apiServer = http.createServer(function (request, response) {
response.writeHead(200, {
'Access-Control-Allow-Origin': 'http://localhost:8080',
'Cache-Control': 'no-cache',
'Content-Type': 'application/json; charset=utf-8',
'Etag': 123,
'Expires': -1,
'Pragma': 'no-cache'
});
response.end(JSON.stringify({ data: [1, 2, 3] }));
});
webServer.listen(8080);
apiServer.listen(8081);
frontend.html
<!DOCTYPE html>
<html>
<head>
<title>Etag header not returned from jQuery.ajax() cross-origin XHR</title>
<script src="//code.jquery.com/jquery-1.10.2.min.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ready(function () {
$.ajax('//localhost:8081/')
.done(function (data, textStatus, jqXHR) {
$('pre').text(jqXHR.getAllResponseHeaders());
})
.fail(function (jqXHR, textStatus, errorThrown) { $('pre').text(textStatus); });
});
</script>
</head>
<body>
<pre></pre>
</body>
</html>
Page Output
Cache-Control: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Pragma: no-cache
Where'd the Etag
go? They're being sent to the browser:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://localhost:8080
Cache-Control: no-cache
Content-Type: application/json; charset=utf-8
Etag: 123
Expires: -1
Pragma: no-cache
Date: Sat, 25 Jan 2014 02:20:47 GMT
Connection: keep-alive
Transfer-Encoding: chunked
(as reported by Firebug)
The ETag header present in cross-origin responses will not be accessible to client-side code unless the server includes an Access-Control-Expose-Headers
header in its response, with a value of "ETag". This is true of any "non-simple" response headers.
From the CORS spec:
7.1.1 Handling a Response to a Cross-Origin Request User agents must filter out all response headers other than those that are a simple response header or of which the field name is an ASCII case-insensitive match for one of the values of the Access-Control-Expose-Headers headers (if any), before exposing response headers to APIs defined in CORS API specifications.
Simple response headers are limited to:
- Cache-Control
- Content-Language
- Content-Type
- Expires
- Last-Modified
- Pragma
All other headers that the client needs to access in the response must be "exposed" via the response header I mentioned above.
这篇关于Etag头没有从jQuery.ajax()跨来源XHR返回的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!