以前没注意到还Ajax跨域发两次请求, 一次Option, 一次真实的请求
Option请求发到Server端, Server端检查是不是自己人的请求, Header不能多也不能少必须按照服务配置传才能进行下次真实请求…
Ajax跨域发两次请求
1
2
3
4
5
6
7
8
9
| const request = {
method: 'GET',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Platform': 'wechat'
}
};
fetch(url, request);
|
服务端
response.setHeader("Access-Control-Allow-Headers", "Platform,Origin,Content-Type");
response.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("P3P","CP=CAO PSA OUR"); // 解决ie跨域不能使用cookie
第一次Options探测请求, 判断服务端是否支付跨域
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
| Request URL:http://localhost:8080/opened/allCats
Request Method:OPTIONS
Status Code:200 OK
Remote Address:[::1]:8080
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Platform,Origin,Content-Type
Access-Control-Allow-Methods:*
Access-Control-Allow-Origin:*
Access-Control-Max-Age:86400
Allow:GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Connection:keep-alive
Content-Length:0
Date:Thu, 14 Jul 2016 06:56:28 GMT
Keep-Alive:timeout=2, max=100
P3P:CP=CAO PSA OUR
Server:Apache-Coyote/1.1
X-Application-Context:application
Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4
Access-Control-Request-Headers:accept, content-type, platform
Access-Control-Request-Method:GET
Cache-Control:no-cache
Connection:keep-alive
Host:localhost:8080
Origin:http://localhost:3000
Pragma:no-cache
Referer:http://localhost:3000/
User-Agent:Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.23 Mobile Safari/537.36
|
第二次真证请求
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
| Request URL:http://localhost:8080/opened/allCats
Request Method:GET
Status Code:200 OK
Remote Address:[::1]:8080
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Platform,Origin,Content-Type
Access-Control-Allow-Methods:*
Access-Control-Allow-Origin:*
Access-Control-Max-Age:86400
Connection:keep-alive
Content-Length:6568
Content-Type:application/json;charset=UTF-8
Date:Thu, 14 Jul 2016 06:56:28 GMT
Keep-Alive:timeout=2, max=100
P3P:CP=CAO PSA OUR
Server:Apache-Coyote/1.1
X-Application-Context:application
Request Headers
accept:application/json
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4
Cache-Control:no-cache
Connection:keep-alive
content-type:application/json
Host:localhost:8080
Origin:http://localhost:3000
platform:wechat
Pragma:no-cache
Referer:http://localhost:3000/
User-Agent:Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.23 Mobile Safari/537.36
|
问题:
只发一次Option, 观察response没有Access-Control-Allow-Headers等字段, 肯定是服务器问题
Chrome remote debugger
- chrome://inspect/#devices
- 第一次电脑端要翻墙, 否则inspect后白屏
参考:
http://1204363612.iteye.com/blog/2023088
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
http://www.html5rocks.com/en/tutorials/cors/
http://newhtml.net/using-cors/
https://www.manning.com/books/cors-in-action
https://www.w3.org/TR/cors/
JSONP与CORS: https://www.fastly.com/blog/caching-cors
