背景:服务器提供https的api给浏览器ajax调用,并要允许跨域访问:
1. httpd.conf
去掉注释LoadModule headers_module modules/mod_headers.so
2. 修改以下配置
conf/extra/httpd-ssl<VirtualHost>
...
Header add Access-Control-Allow-Origin *
Header add Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header add Access-Control-Allow-Headers "Content-Type"
</VirtualHost>
这里一定要加Header add Access-Control-Allow-Headers "Content-Type"。
猜测是因为客户端要发送的类型是application/json,
所以在发送的OPTIONS请求头里出现:
Access-Control-Request-Headers:Content-Type, Accept
3. 重启apache
参见:http://www.w3.org/TR/cors/