CORS / xhr.getRequestHeaders

2019-07-01 22:12发布

站内问答 / JavaScript
1647 4 4

Greetings,

I am trying to use CORS (http://www.w3.org/TR/2009/WD-cors-20090317/#access-control-allow-methods-header) for an application on Safari, and when I try to read the response headers from the XMLHTTPRequest, I only receive the Content-Type. None of the other quite standard headers gets through, and I cannot figure out how to get this to work.

Anyone would happen to know how to fix this issue? Could this be a WebKit bug?

Edit

here is the config i use with nGinx:

add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers Cache-Control,Pragma,Date;
add_header Access-Control-Allow-Methods GET,POST;

4条回答
做自己的国王
2楼-- · 2019-07-01 22:32

In order for headers to be exposes to JS, you need to set the Access-Control-Expose-Headers header to a comma-separated list of headers you want to expose.

Unfortunately, this header is poorly supported. Mozilla only implemented it in Firefox 4, Webkit as of this moment still does not implement it. I am not sure about IE8 and above (google didn't turn up anything useful, and I don't have them around to test with myself).

(see also eg. Restrictions of XMLHttpRequest's getResponseHeader()? )

查看更多
0人赞 添加讨论(0) 举报
▲ chillily
3楼-- · 2019-07-01 22:34

REQUEST:

$.ajax({
            url: "http://localhost:8079/students/add/",
            type: "POST",
            crossDomain: true,
            data: JSON.stringify(somejson),
            dataType: "json",
            success: function (response) {
                var resp = JSON.parse(response)
                alert(resp.status);
            },
            error: function (xhr, status) {
                alert("error");
            }
        });

RESPONSE:

response = HttpResponse(json.dumps('{"status" : "success"}'))
response.__setitem__("Content-type", "application/json")
response.__setitem__("Access-Control-Allow-Origin", "*")

return response
查看更多
0人赞 添加讨论(0) 举报
太酷不给撩
4楼-- · 2019-07-01 22:37

I've been in same situation yesterday. https://stackoverflow.com/users/713326/gijs gave you the right answer but there is another part that is specific to nginx that you have to take care. "add header" is working only in the case where the response from a service is successful (200, 204, 301, 302 or 304). You have to do a custom build of nginx to include HttpHeadersMoreModule (http://wiki.nginx.org/HttpHeadersMoreModule). After you have to replace add_header with more_set_headers.

Example:

    more_set_headers 'Access-Control-Allow-Origin: $http_origin';
    more_set_headers 'Access-Control-Allow-Credentials: false';
    more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD, PUT, PATCH, DELETE';
    more_set_headers 'Access-Control-Allow-Headers:Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept,Authorization;
    more_set_headers 'Access-Control-Expose-Headers: Location';
查看更多
0人赞 添加讨论(0) 举报
Animai°情兽
5楼-- · 2019-07-01 22:39

Have you verified that your server is actually emitting the Cache-Control, Pragma and Date headers? Perhaps set up a Wireshark trace on the client to see the actual HTTP headers that are being exchanged?

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)