原因参考这篇
http://blog.csdn.net/sylvilagus/article/details/50233335
postman是基于浏览器的插件,发出的请求都是通过调用ajax/xmlhttprequest
的方式,必然受到浏览器的安全限制:
- 首先 XMLHttpRequest 出于安全考虑是不支持跨域的, 这一点postman已经向浏览器声明了需要跨域的权限
- 其次,部分header同样由于安全原因,是无法在浏览器中set的,受制于浏览器的用户特性
具体哪些header不能set,要看XMLHttpRequest.js
的源码实现
var forbiddenRequestHeaders = [
"accept-charset",
"accept-encoding",
"access-control-request-headers",
"access-control-request-method", "connection", "content-length", "content-transfer-encoding", "cookie", "cookie2", "date", "expect", "host", "keep-alive", "origin", "referer", "te", "trailer", "transfer-encoding", "upgrade", "via" ];
经验证,以上属性在postman中设置全部无效。解决方案是打开postman的拦截器(interceptor),之后就可以正常添加cookie了。