以下302重定向集的AJAX调用原点为null [英] AJAX call following 302 redirect sets origin to null
问题描述
我正在从域A到域B进行AJAX调用。
I'm doing an AJAX call from domain A to domain B.
我的域B检查A是否在允许的域列表中并设置访问-Control-allow-Origin
到域A.到目前为止,非常好。
My domain B checks if A is in the list of allowed domains and sets the Access-Control-allow-Origin
to domain A. So far, so good.
域B通过以下方式响应请求使用 Location
标头向域C发送302重定向。
Domain B responds to the request by sending a 302 redirect to domain C using the Location
header.
AJAX调用遵循重定向到域C但是有标题: 原产地:null
。
The AJAX call follows the redirect to domain C but has the header: Origin: null
.
我预计 origin
在跟随重定向后要设置为域A的标头。
I expected the origin
header to be set to domain A, after following the redirect.
有人可以向我解释为什么原点设置为 null
而不是域A?
Can anyone explain to me why the origin is set to null
instead of to domain A?
示例
-
从域A到B的请求
Request from domain A to B
GET / HTTP/1.1
Host: domain-B.com
Origin: http://domain-A.com
来自域B的回复:
Response from domain B :
Access-Control-Allow-Origin: http://domain-A.com
Location: http://domain-C.com
AJAX调用遵循重定向到域C:
AJAX call follows the redirect to domain C:
GET HTTP/ 1.1
Host: domain-C.com
Origin: null
推荐答案
看到这里,这似乎表明它与隐私敏感的背景有关。
See here, this seems to suggest its related to a "privacy-sensitive" context.
这篇关于以下302重定向集的AJAX调用原点为null的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!