5

我有一个 CORS AJAX 请求,我正在尝试从 https 到 https 工作。从 http 到 http 时它工作正常,但由于 SSL 不发送 cookie 而失败。

这里有一些安全限制吗?我在withCredentials发出请求之前查看了 的状态,它设置为true. 知道是什么阻止了 cookie 被发送或如何调试吗?

这是初始飞行前 (OPTIONS) 请求:

Request URL:https://mydomain.com/resource
Request Method:OPTIONS
Status Code:200 OK

Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:X-CSRFToken
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Cookie: [COOKIES]
Host:mydomain.com
Origin:https://www.google.com
Pragma:no-cache
Referer:https://www.google.com/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.151 Safari/535.19

Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:X-CSRFToken
Access-Control-Allow-Methods:POST, GET, OPTIONS
Access-Control-Allow-Origin:https://www.google.com
Access-Control-Max-Age:86400
Connection:keep-alive
Content-Encoding:gzip
Content-Length:20
Content-Type:text/html; charset=utf-8
Date:Mon, 09 Apr 2012 00:32:51 GMT
Server:nginx/0.8.54
Vary:Accept-Encoding

POST 请求:

请求网址:https://mydomain.com/resource 请求方式:POST 状态码:200 OK

Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:mydomain.com
Origin:https://www.google.com
Pragma:no-cache
Referer:https://www.google.com/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.151 Safari/535.19
4

0 回答 0