正如TimK指出的那样,jquery 1.5.2不再需要这个。但是,如果您想添加自定义标头或允许使用凭据(用户名,密码或cookie等),请继续阅读。
我想我找到了答案!(4小时后诅咒很多)//This does not work!!Access-Control-Allow-Headers: *
您需要手动指定您将接受的所有标题(至少在FF 4.0和Chrome 10.0.648.204中就是这种情况)。
jQuery的$ .ajax方法为所有跨域请求发送“x-requested-with”标头(我认为它是唯一的跨域)。
因此,响应OPTIONS请求所需的缺少标头是://no longer needed as of jquery 1.5.2Access-Control-Allow-Headers: x-requested-with
如果您传递任何非“简单”标题,则需要将它们包含在列表中(我再发送一个)://only need part of this for my custom headerAccess-Control-Allow-Headers: x-requested-with, x-requested-by
所以把它们放在一起,这是我的PHP:// * wont work in FF w/ Allow-Credentials//if you dont need Allow-Credentials, * seems to workheader('Access-Control-Allow-Origin: http://www.example.com');//if you need cookies or login etcheader('Access-Control-Allow-Credentials: true');if ($this->getRequestMethod() == 'OPTIONS'){
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Max-Age: 604800');
//if you need special headers
header('Access-Control-Allow-Headers: x-requested-with');
exit(0);}