ajax 如何禁止 预检请求,跨域AJAX预检失败原点检查

这似乎不起作用:

$.ajax({

url: "http://localhost:3000/foo.json",

data: { foo: 'bar' },

headers: { 'HTTP_X_CUSTOMHEADER': 'foobar' },

xhrFields: { withCredentials: true }

});

当我在jsfiddle上运行它时,一个OPTIONS请求(根据Chrome调试工具)会触发,如下所示:

Access-Control-Request-Headers: Origin, HTTP_X_CUSTOMHEADER, Accept

Access-Control-Request-Method: GET

Origin: http://fiddle.jshell.net

然后(根据Chrome调试工具)我的本地服务器返回以下标头:

(手动重新格式化以便于阅读)

Access-Control-Allow-Credentials: true

Access-Control-Allow-Headers: HTTP_X_CUSTOMHEADER

Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS

Access-Control-Allow-Origin: http://fiddle.jshell.net

Access-Control-Max-Age: 10

Cache-Control: no-cache

Connection: Keep-Alive

Content-Length: 1

Content-Type: text/html; charset=utf-8

Date: Wed, 14 Sep 2011 22:42:28 GMT

Server: WEBrick/1.3.1 (Ruby/1.8.7/2010-01-10)

X-Runtime: 2

然后在控制台中我收到如下错误消息:

XMLHttpRequest cannot load http://localhost:3000/foo.json?foo=bar.

Origin http://fiddle.jshell.net is not allowed by Access-Control-Allow-Origin.

但是Access-Control-Allow-Origin标题看起来与我的服务器响应预检请求时相同.那么我在这里想到的这个难题是什么?