I realize this question has been asked a dozen or more times, and every answer given indicates that I am doing it right, but maybe I am missing something.

AJAX serves up the CORS request like so...

    $.ajax({
        url: 'someotherdomain.com',
        type: 'post',
        data: {key: 'value'},
        dataType: 'json',
        async: false,
        crossDomain: true,
        beforeSend: function(xhr){
            xhr.withCredentials = true;
        },
        success: function(x, status, xhr){
        },
        error: function(xhr, status, error){
        }
    });

PHP serves up the CORS request like so...

    header('Access-Control-Max-Age: 1728000');
    header('Access-Control-Allow-Origin: http://someotherdomain.com');
    header('Access-Control-Allow-Methods: POST');
    header('Access-Control-Allow-Headers: Content-MD5, X-Alt-Referer');
    header('Access-Control-Allow-Credentials: true');
    header("Content-Type: application/json; charset=utf-8");

According to all the documentation, as long as the "Access-Control-Allow-Credentials" server-side header and the "withCredentials=true" client-side header are set, session cookie handling between the domains should be transparent. Am I missing something?
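
The checks a browser applies to these response headers before a credentialed cross-origin response reaches the calling script, as an added example that is not part of the original post. The function name `checkCredentialedCors`, the `request` object shape and the `http://app.example` origin are assumptions made for illustration, and one header set stands in for both the preflight and the actual response.

```javascript
// Added example, not from the original post. Models the checks a browser applies
// to a cross-origin response before a credentialed request's result reaches script.
// The function name, request shape and origins are constructed for illustration.
function checkCredentialedCors(request, responseHeaders) {
  // Header names are case-insensitive; values are compared exactly.
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const problems = [];

  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    problems.push('Access-Control-Allow-Origin is missing');
  } else if (allowOrigin === '*') {
    problems.push('Access-Control-Allow-Origin: * is rejected for credentialed requests');
  } else if (allowOrigin !== request.origin) {
    problems.push(`Access-Control-Allow-Origin "${allowOrigin}" does not match page origin "${request.origin}"`);
  }

  // Must be the literal lowercase string "true".
  if (h['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials must be exactly "true"');
  }

  // Non-safelisted request headers trigger a preflight and must be listed.
  // With credentials, "*" here is a literal header name, not a wildcard.
  const listed = (h['access-control-allow-headers'] || '')
    .split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
  for (const name of request.customHeaders || []) {
    if (!listed.includes(name.toLowerCase())) {
      problems.push(`request header "${name}" is not in Access-Control-Allow-Headers`);
    }
  }
  return { allowed: problems.length === 0, problems };
}

// Constructed sample: a page on http://app.example receiving the post's header set.
const postHeaders = {
  'Access-Control-Allow-Origin': 'http://app.example',
  'Access-Control-Allow-Methods': 'POST',
  'Access-Control-Allow-Headers': 'Content-MD5, X-Alt-Referer',
  'Access-Control-Allow-Credentials': 'true',
};
const sampleRequest = { origin: 'http://app.example', customHeaders: ['X-Alt-Referer'] };
console.log(checkCredentialedCors(sampleRequest, postHeaders));
```

On the server, the value sent in `Access-Control-Allow-Origin` for credentialed requests should come from a fixed allowlist of trusted origins rather than from echoing the request's `Origin` header.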