CORS 请求在 Firefox 中无效,在 Chrome 和 Safari 中有效

CORS request won't work in Firefox, works in Chrome and Safari

这个 fiddle 在 Chrome 中工作正常但在 Firefox 中不工作:http://jsfiddle.net/u5pugnbn/

index.html

<!DOCTYPE html>
<html>
  <head>
  </head>
  <body>
    <input type="button" value="Get Data" onclick="getData()"/>
    <h1 id="output"></h1>
  </body>

  <script src ="main.js"></script>
</html>

main.js

var API_URL = "http://andr3w321.pythonanywhere.com";

function getData() {
  var output = document.getElementById('output');
  var xhr = new XMLHttpRequest();
  var url = API_URL + "/hello";
  xhr.open("GET", url, true);
  xhr.onload = function (e) {
    if (xhr.readyState === 4) {
      if (xhr.status === 200) {
        output.innerHTML = xhr.responseText;
      } else {
        output.innerHTML = "Error: " + xhr.statusText;
      }
    }
  };
  xhr.onerror = function (e) {
    output.innerHTML = "Error: " + xhr.statusText;
  };
  xhr.send();
}

Python 瓶子服务器文件

from bottle import default_app, route, run, template, static_file, url, get, redirect, response, request

# allow requests from other domains
def enable_cors(fn):
    def _enable_cors(*args, **kwargs):
        # set CORS headers
        response.headers['Access-Control-Allow-Origin'] = '*'
        response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
        response.headers['Access-Control-Allow-Headers'] = 'Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token'

        if request.method != 'OPTIONS':
            # actual request; reply with the actual response
            return fn(*args, **kwargs)

    return _enable_cors


@route('/hello', method=['OPTIONS', 'GET'])
@enable_cors
def hello():
    return "hello"

application = default_app()

将静态 index.html 上传到域并将 Allow-Origin* 更改为特定域似乎没有帮助。

原来 Privacy badger 阻止了请求。在我访问 index.html 后禁用它后,它工作正常。