被请求端返回头已设置
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Origin, Accept-Language, Accept-Encoding,
X-Forwarded-For, Connection, Accept, User-Agent, Host, Referer,
Cookie, Content-Type, Cache-Control, *
Access-Control-Allow-Origin:根据Referer
javascript 代码如下
var x=new XMLHttpRequest();
x.open('GET','http://reiove.duoshuo.com/api/sites/listVisitors.json',1);
x.onload=function(){
console.log(x.responseText);
};
x.send();
但这样请求过去header里并没有附带 reiove.duoshuo.com 的 Cookie
如何让发送请求时附带所请求url站点的Cookie?
需要本地带上x.withCredentials = true;
在远端带上Access-Control-Allow-Credentials: true(你已经带了)
见 http://www.w3.org/TR/XMLHttpRequest/#the-withcredentials-attribute