Question
I'm testing out an endpoint for CORS capability and I'm curious if someone can explain the following difference in results while using curl:
First, I tried the following:
$ curl -i https://api.github.com -H "Origin: http://github.com" -X OPTIONS
Which resulted in a successful response giving me what I'd expect in regards to an Access-Control-Allow-Origin header, among others.
Secondly, I tried this:
$ curl -i https://api.github.com -H "Origin: http://jamesdh.github.com" -X OPTIONS
Which resulted in a 500 error. The only thing changed being the Origin header passed in the initial request.
Pardon my CORS ignorance, but don't most servers just reflect the Origin path in the Access-Control-Allow-Origin response header? Why would GitHub work correctly with one, and then blow up on the other?
Answer 1:
Apparently for CORS requests, the domain must be registered as an OAuth application with GitHub first. From their docs at http://developer.github.com/v3/#cross-origin-resource-sharing I just caught the following:
Any domain that is registered as an OAuth Application is accepted. Here’s a sample...
It sure would be nice if they emphasized that a bit more! After creating an OAuth application that uses the desired GitHub Page URL as a domain/callback URL, this is now working as expected!
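The difference between the Origin reflection the question assumes and the registered-origin allowlist the answer found in the docs, as an added example that is not part of the original posts and is not GitHub's code. `REGISTERED_ORIGINS`, the function names and the 204/403 status codes are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for "domains registered as OAuth applications".
REGISTERED_ORIGINS = {"http://github.com"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(value):
    """Return lowercase scheme://host[:port], or None if value is not a bare origin."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port
    except ValueError:  # malformed host or port
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # also rejects the literal "null" origin
    # An Origin header carries no path, query, fragment or userinfo.
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return None
    base = f"{parts.scheme}://{parts.hostname.lower()}"
    return base if port in (None, DEFAULT_PORTS[parts.scheme]) else f"{base}:{port}"


def reflecting_preflight(origin):
    """Weak policy: echo whatever Origin the client sent."""
    return 204, {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}


def allowlist_preflight(origin, registered=REGISTERED_ORIGINS):
    """Exact-match policy: grant CORS only to registered origins."""
    normalized = normalize_origin(origin)
    if normalized is None or normalized not in registered:
        # No Access-Control-Allow-Origin header, so the browser blocks the read.
        # The 403 is this example's choice; the page's server answered 500.
        return 403, {"Vary": "Origin"}
    return 204, {"Access-Control-Allow-Origin": normalized, "Vary": "Origin"}


if __name__ == "__main__":
    for origin in ("http://github.com", "http://jamesdh.github.com"):
        print(origin, reflecting_preflight(origin)[0], allowlist_preflight(origin)[0])
```

Matching is on the whole normalized origin, so a subdomain such as `http://jamesdh.github.com` is a different origin from `http://github.com` and is refused until it is added to the set.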
Source: https://stackoverflow.com/questions/14972551/cors-origin-inconsistency-on-http-options-request-when-testing-with-curl