翻译This doesn't seem to work:
$.ajax({ url: "http://localhost:3000/foo.json", data: { foo: 'bar' }, headers: { 'HTTP_X_CUSTOMHEADER': 'foobar' }, xhrFields: { withCredentials: true } });When I run it on jsfiddle, an OPTIONS request (according to the Chrome debug tools) fires off that looks like this:
Access-Control-Request-Headers: Origin, HTTP_X_CUSTOMHEADER, Accept Access-Control-Request-Method: GET Origin: http://fiddle.jshell.netAnd then (according to the Chrome debug tools) my local server returns the following headers:
(manually reformatted for readability)
Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: HTTP_X_CUSTOMHEADER Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Origin: http://fiddle.jshell.net Access-Control-Max-Age: 10 Cache-Control: no-cache Connection: Keep-Alive Content-Length: 1 Content-Type: text/html; charset=utf-8 Date: Wed, 14 Sep 2011 22:42:28 GMT Server: WEBrick/1.3.1 (Ruby/1.8.7/2010-01-10) X-Runtime: 2And then in the console I get an error message like this:
XMLHttpRequest cannot load http://localhost:3000/foo.json?foo=bar. Origin http://fiddle.jshell.net is not allowed by Access-Control-Allow-Origin.But the Access-Control-Allow-Origin header appears identical to when my server responded with to the preflight request. So what piece am I missing here of this puzzle?