本篇文章主要介绍了"Ajax跨域(CROS)请求中的Preflighted requests",主要涉及到request,ajax跨域方面的内容,对于Javascriptjrs看球网直播吧_低调看直播体育app软件下载_低调看体育直播感兴趣的同学可以参考一下:
预检请求(Preflighted requests )是一种浏览器跨域请求中询问服务器对跨域请求的支持情况。关于预检请求满足预检请求的2个重要特征(满足其中之一...
预检请求(Preflighted requests )是一种浏览器跨域请求中询问服务器对跨域请求的支持情况。
关于预检请求
满足预检请求的2个重要特征(满足其中之一):
使用了 GET, HEAD , POST,PUT等方法时,Content-Type传输类型是 application/x-www-form-urlencoded, multipart/form-data, text/plain,text/xml等
请求头使用了自定义的Header
举个例子
var xhr= new XMLHttpRequest();
var url = 'http://bar.other/resources/post-here/';var body = 'Arun';
function callOtherDomain(){
if(invocation)
{
xhr.open('POST', url, true);
xhr.setRequestHeader('X-PINGOTHER', 'pingpong'); //自定义的Header
xhr.setRequestHeader('Content-Type', 'application/xml'); //特殊的文档类型
xhr.onreadystatechange = function(){};
xhr.send(body);
}
}
满足以上之一,便可发起预检请求,预检请求流程如下
OPTIONS /resources/post-here/ HTTP/1.1
Host: bar.other
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Origin: http://foo.example
Access-Control-Request-Method: POST
Access-Control-Request-Headers: X-PINGOTHER, Content-Type
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 01:15:39 GMT
Server: Apache/2.0.61 (Unix)
Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER, Content-Type
Access-Control-Max-Age: 86400
Vary: Accept-Encoding, Origin
Content-Encoding: gzip
Content-Length: 0
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/plain
POST /resources/post-here/ HTTP/1.1
Host: bar.other
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
X-PINGOTHER: pingpong
Content-Type: text/xml; charset=UTF-8
Referer: http://foo.example/examples/preflightInvocation.html
Content-Length: 55
Origin: http://foo.example
Pragma: no-cache
Cache-Control: no-cache
Arun
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 01:15:40 GMT
Server: Apache/2.0.61 (Unix)
Access-Control-Allow-Origin: http://foo.example
Vary: Accept-Encoding, Origin
Content-Encoding: gzip
Content-Length: 235
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/plain
[Some GZIP'd payload]
我们看到,首次发起的是OPTIONS请求,因为OPTIONS请求的作用本身就是询问服务器的请求,他这里询问浏览器是否支持如下条件请求
