如果您包含基本身份驗證,預覽的HTTP請求將如何顯示?像下面的談話?有鬧明白這頭需要發送的地方,還因爲它無法與螢火蟲正確調試它CORS和HTTP基本身份驗證
客戶端IM:
OPTIONS /api/resource HTTP/1.1
Access-Control-Request-Method: GET
Origin: http://jsconsole.com
服務器:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE
Access-Control-Allow-Headers: Authorization
Access-Control-Max-Age: 1728000
Access-Control-Allow-Credentials: true
客戶:
GET /api/resource HTTP/1.1
Access-Control-Request-Method: GET
Access-Control-Allow-Credentials: true
Origin: http://jsconsole.com
服務器:
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE
Access-Control-Allow-Headers: Authorization
Access-Control-Max-Age: 1728000
Access-Control-Allow-Credentials: true
WWW-Authenticate: Basic realm="Authorisation Required"
客戶:
GET /api/resource HTTP/1.1
Access-Control-Allow-Credentials: true
Authorization: Basic base64encodedUserAndPassword
Access-Control-Request-Method: GET
Origin: http://jsconsole.com
服務器:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE
Access-Control-Allow-Headers: Authorization
Access-Control-Max-Age: 1728000
Access-Control-Allow-Credentials: true
請參閱http://avalanche123.com/blog/2011/10/10/cross-domain-javascript-lessons-learned/ –
文章中途的「CORS with basic auth」部分。不幸的是,雪崩博客條目已過時。 Chrome完全支持基本身份驗證。但是,IE瀏覽器不會除非你使用安全設置。 – ianbeks