我有一个客户端和一个服务器。我的工作流程如下:
- 服务器使用 API v3 将片段上传到 youtube 并获取可恢复的 url (Youtube v3 API for resumable uploads -https://developers.google.com/youtube/v3/guides/using_resumable_upload_protocol https://developers.google.com/youtube/v3/guides/using_resumable_upload_protocol)
- 该 url 从我的服务器发送到浏览器,浏览器发出 ajax PUT 请求,将实际文件上传到可恢复的 url。
- 这样文件就不会传输到服务器,而是直接从客户端上传。
结果我收到错误并且无法上传文件。
XMLHttpRequest cannot load https://www.googleapis.com/upload/youtube/v3/videos?key=mydevkeyanduploadid.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:3000' is therefore not allowed access.
这是ajax请求:
var ajax = $.ajax({
url: options.url,
method: 'PUT',
crossDomain:true,
contentType: options.file.type,
headers: {
'Authorization': 'Bearer ' + options.accessToken,
'Content-Range': 'bytes ' + options.start + '-' + (options.file.size - 1) + '/' + options.file.size
},
processData: false,
data: options.file
});
浏览器发送一个 OPTIONS 请求,如下所示:
Remote Address:173.194.65.95:443
Request URL:https://www.googleapis.com/upload/youtube/v3/videos?key=mydevkey&part=snippet%2Cstatus&uploadType=resumable&upload_id=myuploadid
Request Method:OPTIONS
Status Code:200 OK
Request Headersview source
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,es;q=0.6,pt;q=0.4,bg;q=0.2
Access-Control-Request-Headers:content-range, accept, authorization, content-type
Access-Control-Request-Method:PUT
Connection:keep-alive
Host:www.googleapis.com
Origin:http://localhost:3000
Referer:http://localhost:3000/episodes/0-do-you-know-your-enemy/preview
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Query String Parametersview sourceview URL encoded
key:mydevkey
part:snippet,status
uploadType:resumable
upload_id: myuploadit-this one is long
Response Headersview source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:content-range, accept, authorization, content-type
Access-Control-Allow-Methods:PUT
Access-Control-Allow-Origin:http://localhost:3000
Alternate-Protocol:443:quic,p=0.02
Content-Length:0
Content-Type:text/html; charset=UTF-8
Date:Sun, 11 Jan 2015 13:56:11 GMT
Server:UploadServer ("Built on Dec 19 2014 10:24:45 (1419013485)")
从这个回应我看到
Access-Control-Allow-Headers:content-range, accept, authorization, content-type
Access-Control-Allow-Methods:PUT
Access-Control-Allow-Origin:http://localhost:3000
我知道如果该请求来自,我可以向该网址发送 PUT 请求
http://localhost:3000
在 OPTIONS 请求之后,发出 PUT 请求:
Request URL:https://www.googleapis.com/upload/youtube/v3/videos?key=mydevkey&part=snippet%2Cstatus&uploadType=resumable&upload_id=myuploadid
Request Headers CAUTION: Provisional headers are shown.
Accept:*/*
Authorization:Bearer thishereistheaccesstoken
Content-Range:bytes 0-21234/21235
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Origin:http://localhost:3000
Referer:http://localhost:3000/episodes/0-do-you-know-your-enemy/preview
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Query String Parametersview sourceview URL encoded
key:mydevkey
part:snippet,status
uploadType:resumable
upload_id:myuploadid
正如我们所看到的
Origin:http://localhost:30000
之所以出现,是因为这是发出 PUT 请求的来源。
但结果我确实有
XMLHttpRequest cannot load https://www.googleapis.com/upload/youtube/v3/videos?key=mydevkeyanduploadid.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:3000' is therefore not allowed access.
为什么我会收到“请求的资源上不存在‘Access-Control-Allow-Origin’标头。”考虑到“Access-Control-Allow-Origin”实际上是从 OPTIONS 请求返回到服务器的?