浏览器跨域问题?

原创
2017/09/01 14:56
阅读数 24

通过cors跨域的时候,浏览器总会先发出一个Options请求,主要是为了请求的合法性;但是这个Options请求是不会携带任何headers的,通过google:

I assume we're talking CORS here?

The OPTIONS request is constructed automatically by the browser, so you won't find any ExtJS code for building it. As far as I can tell you can't put custom headers on the OPTIONS request, they'll just be moved into the Access-Control-Request-Headers.

I believe this is the relevant section of the spec:

http://www.w3.org/TR/cors/#cross-ori...th-preflight-0

If I'm reading it correctly it seems pretty explicit that all headers and authentication will be stripped from the original request when generating the OPTIONS request.

A little searching suggests that some IIS users have requested that the spec be altered to allow authentication on the OPTIONS request but thus far this hasn't been added to the spec or implemented in browsers.

 

展开阅读全文
打赏
0
0 收藏
分享
加载中
更多评论
打赏
0 评论
0 收藏
0
分享
返回顶部
顶部