从 RESTful Backbone 应用程序,我正在执行从
mydomain.com
到 myExtdomain.com
的 CORS 请求。
我 did 在我的
myExtdomain.com
服务器上设置了 CORS,我正在响应 OPTIONS
动词(任何 URL):
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Content-Type
Status Code: HTTP/1.1 204 No Content
以及我在
myExtdomain.com
上的 API 调用:
Access-Control-Allow-Origin: *
Content-Type: application/json
Status Code: HTTP/1.1 200 OK
我什至拼命地尝试响应all我在
myExtdomain.com
上的所有HTTP请求:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Content-Type
Content-Type: application/json
Status Code: HTTP/1.1 200 OK
PUT
请求有效,但我的 GET
请求“有点失败”...200 OK
JSON
.GET
请求就会起作用回应
OPTIONS
动词:
REQUEST HEADERS
-----------------
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Origin: http://mydomain.com
Host: www.myExtdomain.com
Connection: keep-alive
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: content-type
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
RESPONSE HEADERS
-----------------
X-Powered-By: ASP.NET
Server: Microsoft-IIS/7.0
Date: Fri, 15 Nov 2013 07:01:57 GMT
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Content-Type
一个
PUT
请求:
REQUEST HEADERS
----------------
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Referer: http://mydomain.com/account
Origin: http://mydomain.com
Host: www.myExtdomain.com
Content-Type: application/json; charset=UTF-8
Content-Length: 36
Connection: keep-alive
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: application/json, text/javascript, */*; q=0.01
RESPONSE HEADERS
----------------
X-Powered-By: ASP.NET
Server: Microsoft-IIS/7.0
Date: Fri, 15 Nov 2013 07:01:57 GMT
Content-Type: application/json
Content-Length: 0
Access-Control-Allow-Origin: *
BODY RESPONSE
--------------
_Some_Json_Here_
魔法
GET
要求:
REQUEST HEADERS
----------------
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Referer: http://mydomain.com/somepage
Origin: http://mydomain.com
Host: www.myExtdomain.com
Connection: keep-alive
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: application/json, text/javascript, */*; q=0.01
RESPONSE HEADERS
----------------
Server: Microsoft-IIS/7.0
Last-Modified: Fri, 15 Nov 2013 06:58:18 GMT
Date: Fri, 15 Nov 2013 07:01:57 GMT
Content-Type: application/json
Content-Length: 4041
Connection: keep-alive
RESPONSE BODY
--------------
Empty (0KB), it's supposed to be some JSON, that *SOMETIMES* (1/100) I get.. Magic.
将
Cache-Control: no-cache
标头添加到我所有的 API 调用响应(在 myExtdomain.com
上)解决了我的问题:
Access-Control-Allow-Origin: *
Content-Type: application/json
Cache-Control: no-cache
出于某种原因,Firefox 正在缓存我的 API 调用,并且在缓存时,FF 无法再次解析 JSON.. 以空响应体或任何错误结束..
现在我记得这不是我第一次用 Firefox 强制
no-cache
..
再次,Chrome 一切正常,Chrome 不需要
Cache-Control: no-cache
标头。
如果有人知道 FF 和 Chrome(默认设置??)之间的这种区别,我很想知道更多。
希望这会为某人节省一些时间。
对我来说,解决方案是在服务器端的响应标头中添加
Access-Control-Allow-Credentials: true
:这是在客户端为request.withCredentials = true;
对象设置XMLHttpRequest
的对称。