others - 在请求的资源上,没有‘Access-Control-Allow-Origin’标头,'正在调用的URL'不允许访问


 $.ajax({
 url: tokenEndpoint,
 type: 'GET',
 // jsonp is not an option and it does not work anyway with my server setup
 dataType:"json", // including this does not help
 crossDomain: true, // including this does not help
 beforeSend: function (xhr) {
 xhr.setRequestHeader('Authorization', 'Basic xxxxx');
 },
 success: function () {
 alert('success!');
 },
 error: function(xhr, errorType, exception) {
 }
 });

以下是我得到的跟踪:

*CORS 请求*


OPTIONS http://HOST_DOMAIN/tokenEndPoint HTTP/1.1
Host: HOST_DOMAIN
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://ORIGIN_DOMAIN
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: http://ORIGIN_DOMAIN/login
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8

响应


HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.0
Access-Control-Allow-Origin: http://ORIGIN_DOMAIN
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: accept,authorization
Content-Length: 15

{"status":"ok"}

实际的AJAX请求


GET http://HOST_DOMAIN/tokenEndPoint HTTP/1.1
Host: HOST_DOMAIN
Connection: keep-alive
Accept: */*
Origin: http://ORIGIN_DOMAIN
Authorization: Basic xxxxx
Referer: http://ORIGIN_DOMAIN/login
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8

AJAX响应


HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 560
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
Set-Cookie: xxxxx


{
"access_token":"xxxxx",
"expires_in": xxx
}

有什么可以让它工作的思路?

时间:

错误消息中提示,响应缺少Access-Control-Allow-Origin头,所以问题出在你的服务器,你需要在响应中包含这个header。

...