Returned "Access-Control-Allow-Origin" is not taken into account for YouTube v3 CORS

the*_*man 5 ajax youtube-api same-origin-policy cors youtube-data-api

I have a client and a server. My workflow is as follows:

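  1. The server uploads a snippet to YouTube using API v3 and gets a resumable URL (YouTube v3 API for resumable uploads - https://developers.google.com/youtube/v3/guides/using_resumable_upload_protocol)
  2. This URL is sent from my server to the browser, where the browser makes an ajax PUT request to upload the actual file to the resumable URL.
  3. This way the file is not transferred to the server, but is uploaded directly from the client.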

As a result I receive an error and the file cannot be uploaded.

XMLHttpRequest cannot load https://www.googleapis.com/upload/youtube/v3/videos?key=mydevkeyanduploadid. 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'http://localhost:3000' is therefore not allowed access. 

This is the ajax request:

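// `options` is defined elsewhere: url (the resumable upload URL), file (a File/Blob),
// accessToken (OAuth bearer token) and start (first byte offset of this chunk).
var ajax = $.ajax({
    url: options.url,
    method: 'PUT',
    crossDomain: true,
    contentType: options.file.type,
    headers: {
        // Non-simple headers: these make the browser send an OPTIONS preflight first.
        'Authorization': 'Bearer ' + options.accessToken,
        'Content-Range': 'bytes ' + options.start + '-' + (options.file.size - 1) + '/' + options.file.size
    },
    processData: false, // send the File object as-is instead of serializing it
    data: options.file
});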

The browser sends an OPTIONS request that looks like this:

Remote Address:173.194.65.95:443
Request URL:https://www.googleapis.com/upload/youtube/v3/videos?key=mydevkey&part=snippet%2Cstatus&uploadType=resumable&upload_id=myuploadid
Request Method:OPTIONS
Status Code:200 OK
Request Headers
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,es;q=0.6,pt;q=0.4,bg;q=0.2
Access-Control-Request-Headers:content-range, accept, authorization, content-type
Access-Control-Request-Method:PUT
Connection:keep-alive
Host:www.googleapis.com
Origin:http://localhost:3000
Referer:http://localhost:3000/episodes/0-do-you-know-your-enemy/preview
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Query String Parameters
key:mydevkey
part:snippet,status
uploadType:resumable
upload_id: myuploadit-this one is long
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:content-range, accept, authorization, content-type
Access-Control-Allow-Methods:PUT
Access-Control-Allow-Origin:http://localhost:3000
Alternate-Protocol:443:quic,p=0.02
Content-Length:0
Content-Type:text/html; charset=UTF-8
Date:Sun, 11 Jan 2015 13:56:11 GMT
Server:UploadServer ("Built on Dec 19 2014 10:24:45 (1419013485)")

From this response I see

Access-Control-Allow-Headers:content-range, accept, authorization, content-type
Access-Control-Allow-Methods:PUT
Access-Control-Allow-Origin:http://localhost:3000

I understand that I can send a PUT request to the URL if this request comes from

http://localhost:3000

After the OPTIONS request, a PUT request is made:

Request URL:https://www.googleapis.com/upload/youtube/v3/videos?key=mydevkey&part=snippet%2Cstatus&uploadType=resumable&upload_id=myuploadid
Request Headers CAUTION: Provisional headers are shown.
Accept:*/*
Authorization:Bearer thishereistheaccesstoken
Content-Range:bytes 0-21234/21235
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Origin:http://localhost:3000
Referer:http://localhost:3000/episodes/0-do-you-know-your-enemy/preview
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Query String Parameters
key:mydevkey
part:snippet,status
uploadType:resumable
upload_id:myuploadid

We can see that

Origin:http://localhost:30000

is present, because this is the origin of the PUT request.

But as a result I do get

XMLHttpRequest cannot load https://www.googleapis.com/upload/youtube/v3/videos?key=mydevkeyanduploadid. 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'http://localhost:3000' is therefore not allowed access. 

Why do I get "No 'Access-Control-Allow-Origin' header is present on the requested resource." given that 'Access-Control-Allow-Origin' is actually returned from the OPTIONS request to the server?
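
Added example, not part of the original question: a simplified JavaScript model of the browser's CORS logic, showing that the `Access-Control-Allow-Origin` check is applied to the PUT response separately from the OPTIONS preflight. The OPTIONS headers are copied from the post; `putResponse` is a constructed stand-in (the post does not show the real PUT response), and the function names are hypothetical.

```javascript
// Simplified model of the two checks a browser runs for a non-simple
// cross-origin request (after the Fetch standard's preflight and CORS checks).
// OPTIONS headers are copied from the question; the PUT response is constructed.
const lower = h => Object.fromEntries(
  Object.entries(h).map(([k, v]) => [k.toLowerCase(), String(v).trim()]));
const list = v => (v || '').split(',').map(s => s.trim().toLowerCase()).filter(Boolean);

// CORS check: applied to EVERY cross-origin response, preflight or actual.
function corsCheck(origin, responseHeaders, withCredentials) {
  const h = lower(responseHeaders);
  const allow = h['access-control-allow-origin'];
  if (allow === undefined) return 'missing Access-Control-Allow-Origin';
  if (allow === '*') return withCredentials ? 'wildcard not allowed with credentials' : 'ok';
  if (allow !== origin) return 'origin mismatch';
  if (withCredentials && h['access-control-allow-credentials'] !== 'true') {
    return 'credentials not allowed';
  }
  return 'ok';
}

// Preflight check: the CORS check plus the method and header allow-lists.
function preflightCheck(origin, method, requestHeaders, responseHeaders) {
  const base = corsCheck(origin, responseHeaders, false);
  if (base !== 'ok') return base;
  const h = lower(responseHeaders);
  if (!list(h['access-control-allow-methods']).includes(method.toLowerCase())) {
    return 'method not allowed';
  }
  const allowed = list(h['access-control-allow-headers']);
  const missing = requestHeaders.map(n => n.toLowerCase()).filter(n => !allowed.includes(n));
  return missing.length ? 'header not allowed: ' + missing.join(', ') : 'ok';
}

const origin = 'http://localhost:3000';
const optionsResponse = { // values from the OPTIONS response in the question
  'Access-Control-Allow-Credentials': 'true',
  'Access-Control-Allow-Headers': 'content-range, accept, authorization, content-type',
  'Access-Control-Allow-Methods': 'PUT',
  'Access-Control-Allow-Origin': 'http://localhost:3000',
};
// Constructed: a PUT response without CORS headers, as the error message implies.
const putResponse = { 'Content-Type': 'text/html; charset=UTF-8' };

function evaluate() {
  const sent = ['content-range', 'accept', 'authorization', 'content-type'];
  return {
    preflight: preflightCheck(origin, 'PUT', sent, optionsResponse),
    actual: corsCheck(origin, putResponse, false), // $.ajax sends no credentials by default
  };
}
console.log(evaluate());
```

A passing preflight only permits the browser to send the PUT; the script can read the result only if the PUT response also passes `corsCheck`, so the PUT response headers and status are the thing to inspect.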