我有一个由 HTTP 提供的页面。客户端代码向同一域发送 AJAX 授权请求,但使用 HTTPS。(所以它是CORS)。
FireFox 生成此请求: // 域和 cookie 已更改
OPTIONS /auth/registration/json/info/ HTTP/1.1
Host: my-site.dev
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru-ru,pl;q=0.8,ru;q=0.6,en-us;q=0.4,en;q=0.2
Accept-Encoding: gzip, deflate
Origin: http://my-site.dev
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
Connection: keep-alive
我的服务器响应:
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 07 Nov 2013 09:55:55 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://my-site.dev
Vary: Cookie
Access-Control-Allow-Origin: http://my-site.dev
Access-Control-Allow-Methods: OPTIONS, GET
Set-Cookie: csrftoken=foobar; expires=Thu, 06-Nov-2014 09:55:55 GMT; Max-Age=31449600; Path=/
0
FireBug 显示 OPTIONS 请求成功,但之后不触发 GET 请求:
我的回答有什么问题?