客户:
$.support.cors = true;
// ajax option
beforeSend: function (XHR) {
XHR.withCredentials = true;
XHR.setRequestHeader("Authorization", "Bearer " + base.accessToken);
}
我使用“fiddler”并捕获请求,它显示不包含 cookie。
AuthN 服务器已设置 cookie。
Actually, preflight requests won't be sent with the cookie, it's just used to check wteather server api support CORS. So maybe you can close authentication of your server for OPTIONS methods
$.support.cors = 真;
就够了。
服务器端需要添加“AccessControlAllowCredentials”httpheader。