xmlhttprequest CORS 不允许我访问我的 api

xmlhttprequest CORS won't allow me to access my api

嘿,我确实对 CORS 有一些问题,我有 2 个网络服务器 运行 一个托管实际页面,另一个是 运行 一些 python cgi 脚本。 我的实际网页所在的页面对此做出响应 header:

一般

Request URL:http://10.208.71.10/de/svg/00000002.svg?base=undefined
Request Method:GET
Status Code:200 OK
Remote Address:10.208.71.10:80

回复Headers:

HTTP/1.0 200 OK
Server: WebMI SDK/0.9.0
Date: Tue, 26 Jan 2016 21:33:18 GMT
Connection: Keep-Alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Content-Length: 2378608
Content-Type: image/svg+xml
Last-Modified: Tue, 26 Jan 2016 21:13:28 GMT
Content-Encoding: gzip

查询字符串参数:

base=undefined

此页面包含一小段代码:

var getJSON = function(url, successHandler, errorHandler) {
  var xhr = typeof XMLHttpRequest != 'undefined'
    ? new XMLHttpRequest()
    : new ActiveXObject('Microsoft.XMLHTTP');
  xhr.open('get', url, true);
  xhr.setRequestHeader('origin', "http://10.208.65.216*");
  xhr.onreadystatechange = function() {
    var status;
    var data;
    // https://xhr.spec.whatwg.org/#dom-xmlhttprequest-readystate
    if (xhr.readyState == 4) { // `DONE`
      status = xhr.status;
      if (status == 200) {
        data = JSON.parse(xhr.responseText);
        successHandler && successHandler(data);
      } else {
        errorHandler && errorHandler(status);
      }
    }
  };
  xhr.send();
};

当我调用 getJSON("http://10.208.65.216:8082/cgi/3daxis.py", function(d) {...}, function(s) {...}); 浏览器拒绝它并出现 CORS 错误。

我的第二个网络服务器 运行 cgi 脚本会这样回答(如果浏览器会满意的话:S):

一般

Request URL:http://10.208.65.216:8082/cgi/3daxis.py
Request Method:GET
Status Code:200 Script output follows
Remote Address:10.208.65.216:8082

响应Headers

HTTP/1.0 200 Script output follows
Server: SimpleHTTP/0.6 Python/2.7.3
Date: Tue, 26 Jan 2016 19:35:35 GMT
Content-type: text/plain
Content-Location: 3daxis.py
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: *
Cache-Control: no-cache, no-store, must-revalidate

我做错了什么?

Access-Control-Allow-Methods 不能有值 *。我建议学习 CORS protocol.