忽略Access-Control-Expose-Headers设置 [英] Access-Control-Expose-Headers setting ignored
问题描述
在我的Apache Web服务器配置中,我添加了对两个不属于标准六个标题的标题的支持:
In my Apache web server configuration, I add support for two headers that are not part of the standard six:
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Expose-Headers: Content-Disposition,X-Filename
我的文件导出CGI脚本打印包含这两个字段数据的标题,例如:
My file export CGI script prints headers containing data for these two fields, e.g.:
...
print "Content-Disposition: attachment; filename=%s\n" % (out_fn)
print "X-Filename: %s\n" % (out_fn)
...
我的客户端AJAX调用尝试检索<$ c $的值c>成功的AJAX请求中的Content-Disposition :
My client-side AJAX call tries to retrieve the value of Content-Disposition on a successful AJAX request:
var export_form = new FormData();
export_form.append("settings", JSON.stringify(settings));
export_form.append("format", format);
$.ajax({
url: "services/export_data.py",
type: "POST",
async: true,
cache: false,
data: export_form,
processData: false,
contentType: false,
success: function(response, textStatus, jqXHR) {
console.log("success");
console.log(jqXHR.getAllResponseHeaders());
console.log(jqXHR.getResponseHeader('Content-Disposition'));
},
error: function(jqXHR, textStatus, errorThrown) {
console.log("export_form submit failed:", jqXHR.status, jqXHR.statusText);
console.log(jqXHR);
}
});
我在客户端的测试请求完成并运行成功回调,我在响应字段中获取文件数据,但我得到 null 响应标题 Content-Disposition 。
My test requests on the client side complete and run the success callback, and I get the file data back in the response field, but I get null for the response header Content-Disposition.
换句话说,控制台的示例结果。 log(jqXHR.getAllResponseHeaders())是:
Date: Sat, 04 Mar 2017 19:42:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_python/3.5.0- Python/2.7.5 mod_perl/2.0.10 Perl/v5.16.3
Transfer-Encoding: chunked
Content-Type: application/pdf
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Disposition,X-Filename
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
虽然 console.log(jqXHR.getResponseHeader('Content-Disposition'))的结果为空:
null
为什么我的AJAX请求无法检索 Content-Disposition 的值,当我通过Web服务器配置明确提供它时,我已设置它在响应中是否正确?
Why is my AJAX request not able to retrieve the value of Content-Disposition, when I have made it explicitly available via the web server configuration, and I have set it correctly in the response?
为了解决换行问题,我使用了 sys.stdout。写以获得对输出的更多控制,例如:
To address issues with newlines, I used sys.stdout.write to get more control over the output, e.g.:
sys.stdout.write("Content-Type: %s\n" % (mime_type))
sys.stdout.write("Content-Disposition: attachment; filename=%s\n" % (output_fn))
sys.stdout.write("X-Filename: %s\n" % (output_fn))
sys.stdout.write("Content-Description: File to download\n\n")
with open(out_fn, "rb") as out_fh:
sys.stdout.write(out_fh.read())
不幸的是,这两个标题仍然是通过 console.log对AJAX响应不可见的( jqXHR.getResponseHeader('Content-Disposition'))和 console.log(jqXHR.getResponseHeader('X-Filename')),这些是两个 null 。
Unfortunately, these two headers were still not visible to the AJAX response via console.log(jqXHR.getResponseHeader('Content-Disposition')) and console.log(jqXHR.getResponseHeader('X-Filename')), which were both null.
推荐答案
访问控制-Expose-Headers 仅适用于CORS请求: Content-Disposition 和 X-Filename 在你的情况下被添加到六个标准标题中,如果它从你的服务器请求数据,则允许另一个域看到。
Access-Control-Expose-Headers only applies to CORS requests: Content-Disposition and X-Filename in your case are added to the six standard headers that another domain is allowed to see if it requests data from your server.
你发送的请求看起来不像比如它的交叉来源:URL services / export_data.p y 未指向另一个域, console.log(jqXHR.getAllResponseHeaders())的输出包含日期不在六个标准和两个公开标题中。
The request you're sending doesn't look like it's cross-origin, though: the URL services/export_data.py doesn't point to another domain and the output of console.log(jqXHR.getAllResponseHeaders()) includes headers like Server or Date that aren't in the six standard and two exposed headers.
我认为您的问题是服务器端,而不是Javascript,并且您实际上并没有发送要包含的两个标头。
I think your problem is server-side, not with the Javascript, and that you're not actually sending the two headers you want to include.
CGI脚本似乎是用Python编写的(基于URL中的文件扩展名)。如果是这种情况 print\ n实际打印两个换行符,并且由于空行界定了HTTP中的标题和数据,因此将添加您添加的两个标题在HTTP响应中,但被视为数据而不是标题。在添加 Content-Disposition 之前,是否有 print 语句?这可以解释为什么它也没有显示为标题。
The CGI script seems to be written in Python (based on the file extension in the URL). If that's the case print "\n" actually prints two newlines and, since an empty line delimits headers and data in HTTP, the two headers you're adding would be included in the HTTP response but are treated as data and not headers. Is there any print statement before you're adding the Content-Disposition? That would explain why that's also not showing up as a header.
要解决此问题,只需删除尾随的 \ n 在你的剧本中:
To solve this simply remove the trailing \n in your script:
...
print "Content-Disposition: attachment; filename=%s" % (out_fn)
print "X-Filename: %s" % (out_fn)
...
这篇关于忽略Access-Control-Expose-Headers设置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
