我有一个Web服务，它的工作原理在 GET 。要访问该Web服务，一些自定义标题需要传递。

I have a web service which works over GET. To access this web service, some custom headers need to be passed.

当我尝试从javascript code与 GET 方法来访问Web服务，请求方法是越来越改为选项。 （域是不同的）

When I try to access the web service from javascript code with GET method, the request method is getting changed to OPTIONS. (the domain is different)

我读了一些文章，找出与自定义头的要求将是pre-flighted，并在实际的方法调用之前的情况下，OPTIONS方法的请求将到服务器。

I read some articles to find out that a request with Custom headers will be pre-flighted and in that case before the actual method call, a request with OPTIONS method will be made to the server.

但我的问题是选项通话，真正的方法（即 GET ）没有被调用后。

But my problem is after the OPTIONS call, the real method (i.e GET) is not being invoked.

在选项调用返回状态为401。

The OPTIONS call is returning the status as 401.

我怀疑这是因为我的网络服务支持 GET 只。我该如何解决这个问题呢？ 请帮助。 （我的code工作正常使用IE浏览器，但不与其他浏览器如Chrome浏览器）

I doubt this is because my web-service supports GET only. How can I solve the problem? Kindly help. (My code is working fine with IE but not with other browser e.g. Chrome)

推荐答案

两件事情检查（不知道你的服务器端语言/技术是什么）：

Two things to check for (with no idea what your server-side language / technique is):

您包括选项作为一个有效的方法，你的访问控制 - 允许 - 方法？例如：

Are you including OPTIONS as a valid method in your Access-Control-Allow-Methods? Example:

Access-Control-Allow-Methods: GET, OPTIONS

是您的要求发送返回给浏览器允许自定义页眉？ 例如：

Are the custom headers that your request sending being returned to the browser as allowed? Example:

Access-Control-Allow-Headers: X-PINGOTHER 

远程服务器有任何安全的，符合标准的浏览器之前返回这两个（和最绝的第二个）（即不是旧版本的IE），将允许非原产地响应才能通过。

The remote server has to return both of these (and most definitely the second one) before any secure, standards-compliant browser (ie not older versions of IE), will allow the non-origin response to come through.

所以，如果你想实现这个在HTTP服务器级别，并保持你的web服务的便携式，你可以尝试以下操作：

So, if you wanted to implement this at the HTTP server level and keep your web-service portable, you might try the following:

我们将假定您的Web服务的URL是 http://example.org/service 和路径，以服务为 / SRV /网络/服务

We'll assume your web-service URL is http://example.org/service and that the path to service is /srv/www/service

如果您正在运行的Apache 2.0，语法追加标题是添加，在2.2中，使用设置。

If you are running Apache 2.0, the syntax to append headers is add, on 2.2, use set.

所以，你应该修改 /srv/www/service/.htaccess 与

 Header set Access-Control-Allow-Methods "GET, OPTIONS"
 Header set Access-Control-Allow-Headers "X-MY_CUSTOM_HEADER1,X-MY_CUSTOM_HEADER2"
 Header set Access-Control-Allow-Origin "*"

当然， mod_headers中 Apache模块需要在对上述工作。此外，允许原产地设置为外卡是有风险的，这实际上将导致如果您要发送的的请求失败访问控制，允许-凭据：真正的头（不能在这种情况下使用通配符）。此外，在 SetEnvIf之后mod的Apache，你可以微调htaccess文件只有在适当的时候返回的头，而不是所有的请求到该目录。

Of course, the mod_headers Apache module needs to be on for the above to work. Also, setting the allow-origin to the wild card is risky, and it will actually cause the request to fail if you are sending the Access-Control-Allow-Credentials: true header (can't use wild cards in that case). Also, with the SetEnvIf mod for Apache, you could fine tune the htaccess file to only return the headers when appropriate, rather than for all requests to that directory.