我用

xhrFields : { 
  withCredentials: true 
} 

在jQuery的$ ajax调用，以我的查询中发送会话cookie。

in jQuery $ajax calls, in order to send session cookies within my queries.

通话给我的Apache日志（二百分之四百○一取决于如果cookie设置）一个正确的状态code，但Firefox总是收到一个状态= 0（即$。阿贾克斯（）中的错误） 如果我删除此xhrFields区，状态code是确定（但Cookie不会发送）

The call gives a correct status code on my apache logs (401/200 depending if the cookie is set), but Firefox always receives a status=0 (i.e. an error in $.ajax()) If I remove this xhrFields section, status code is OK (but cookies are not sent)

下面是我收到的Firefox与xhrFields设置响应对象：

Here's the response object I receive in Firefox with the xhrFields setup:

{"readyState":0,"responseText":"","status":0,"statusText":"error"}

我的Apache的配置是CORS功能，并且还允许访问控制，允许-凭证（这里有相应的HTTP头）

My Apache config is CORS-enabled, and also allows Access-Control-Allow-Credentials (here are the corresponding HTTP headers)

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

有缺什么，无论是在AJAX调用，或在Web服务器上的配置？

Is there something missing, either in the AJAX call, or on the webserver config?

注：这工作完全正常的Chrome浏览器

NB: This works perfectly fine in Chrome

推荐答案

您可能要更明确地指定的访问控制 - 允许 - 产地标头不是*。

You probably have to specify the Access-Control-Allow-Origin header more explicitly than *.

https://developer.mozilla.org/En/HTTP_access_control#Requests_with_credentials说：

重要提示：当响应资格的请求，服务器   必须指定一个域，而不能使用野生梳理。

Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding.