doumengyin0491 2015-03-02 04:42
浏览 132
已采纳

Ajax CORS标头错误

I'm really struggling to figure out why this CORS request is getting denied. It's been driving me crazy. It gives an error "NetworkError: 500 Internal Server Error - http://api.example.com/v1/users/me" and then a message about cross-domain/CORS in Firebug.

JQuery

jQuery(document).ready(function(){

        var settings = {
            headers: {
                'Authorization': 'Token token= 12345'
            },
            type: 'GET',
            dataType: 'json'
        };

        var deferred = jQuery.ajax('http://api.example.com/v1/users/me', settings).then(
            function(data) {
                console.log(data);            
            }, function(error) {
                console.log(error);
            }
        );

});

Request Headers

OPTIONS /v1/users/me HTTP/1.1
Host: api.example.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://fiddle.jshell.net
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Connection: keep-alive

Response Headers

HTTP/1.0 500 Internal Server Error
Date: Mon, 02 Mar 2015 04:28:29 GMT
Server: Apache/2.2.22
X-Powered-By: PHP/5.5.21
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: http://fiddle.jshell.net
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE
Access-Control-Allow-Headers: authorization
Set-Cookie: PHPSESSID=dfa4a0638bcf104d316f7358153bb2f9; path=/
Vary: User-Agent
Content-Type: application/json
X-Cache: MISS from 172.19.134.2
X-Cache-Lookup: MISS from 172.19.134.2:3128
Via: 1.0 172.19.134.2:3128 (squid/2.6.STABLE14)
Connection: close

If anyone is interested, I have this in PHP:

PHP

// Set Headers
header('Access-Control-Allow-Origin: http://fiddle.jshell.net');
header('Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE');
header('Access-Control-Allow-Headers: authorization');      
header('Content-Type: application/json; charset=utf-8');    
  • 写回答

1条回答 默认 最新

  • duanpie4763 2015-03-02 04:58
    关注

    I strongly suspect that the CORS is failing simply because of the HTTP 500 code returned from the server. Thus, although the response contains valid information for CORS, the client ignores the information due to the message code indicating the response being invalid.

    Why 500 is being returned, is dependent on your server configs/app.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?