Access-Control-Allow-Methods不允许DELETE

Question

Access-Control-Allow-Methods不允许DELETE

Mår*_*röm 10 javascript jquery google-chrome http cors

我正在尝试DELETE使用jQuery从Chrome 发送跨域请求.

但是,在开发人员控制台中记录以下错误消息时失败:

XMLHttpRequest无法加载http://actual/url/here.Access-Control-Allow-Methods不允许使用DELETE方法.

javascript代码在localhost上运行,如下所示:

$.ajax({
    type: "DELETE",
    url: "http://actual/url/here",
    xhrFields: {
        withCredentials: true
    }
});

Run Code Online (Sandbox Code Playgroud)

这会导致发送此类飞行前请求:

OPTIONS http://actual/url/here HTTP/1.1
Host: actual
Connection: keep-alive
Access-Control-Request-Method: DELETE
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Access-Control-Request-Headers: accept
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

Run Code Online (Sandbox Code Playgroud)

响应看起来像这样:

HTTP/1.1 200 OK
Cache-Control: must-revalidate, private
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Access-Control-Allow-Methods: DELETE GET HEAD POST PUT OPTIONS TRACE
Access-Control-Allow-Headers: accept
Access-Control-Max-Age: 900
Access-Control-Allow-Origin: null
Access-Control-Allow-Credentials: true
Date: Wed, 11 Mar 2015 15:03:46 GMT

Run Code Online (Sandbox Code Playgroud)

据我所知,这很好.客户端DELETE通过发送检查是否允许,Access-Control-Request-Method: DELETE服务器通过响应来确认是否允许Access-Control-Allow-Methods: DELETE GET HEAD POST PUT OPTIONS TRACE.

但是,不会DELETE发送任何请求,而是报告错误消息(上面).为什么？

Answer 1

Que*_*tin 24

Access-Control-Allow-Methods需要的值是以逗号分隔的列表,而不是以空格分隔的列表.

来自MDN:

Access-Control-Allow-Methods: <method>[, <method>]*
Run Code Online (Sandbox Code Playgroud)

"定义构造"#",类似于"*",用于定义元素列表.完整形式是"<n>#<m>元素",表示至少<n>和最多<m>个元素,每个由一个或多个逗号(",")和可选线性空白区域(LWS)分隔." - http://tools.ietf.org/html/rfc2616#section-2.1 (3认同)

归档时间：	10 年，7 月前
查看次数：	13745 次
最近记录：	6 年，3 月前