Below is an XDomainRequest being made from JavaScript to a PHP backend on Nginx on a different subdomain. The return result always executes the error function, and XDomainRequest doesn't give debugging details. Is there something wrong with the code?

JavaScript

    var xdr = new XDomainRequest();
    xdr.open(method.toLowerCase(), url);

    timeout = 10000;

    // Required to XDomainRequest works
    xdr.timeout = timeout;
    xdr.onprogress = function() {};
    xdr.ontimeout = function() {
        completeRequest(callback, 408, 'Timeout', 'Content-Type: text/plain');
        xdr.abort();
    };
    xdr.onload = function() {
        completeRequest(callback, 200, xdr.responseText, 'Content-Type: ' + xdr.contentType);
    };
    xdr.onerror = function() {
        completeRequest(callback, 500, 'Error', 'Content-Type: text/plain');
        xdr.abort();
    };

    $browserDefer(function () {
        xdr.send();
    }, 0); //fix IE bug that raises '$apply already in progress' on cached requests

    if (timeout > 0) {
        $browserDefer(function() {
            status = -1;
            xdr.abort();
        }, timeout);
    }

PHP with PreFlight Options Check

    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])
            && ($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'POST'
                || $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'DELETE'
                || $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'PUT')) {
            header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
            header("Access-Control-Allow-Credentials: true");
            //header('Access-Control-Allow-Headers: *,X-Requested-With,Content-Type');
            header('Access-Control-Allow-Headers: Content-Type');
            header('Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT'); // http://stackoverflow.com/a/7605119/578667
            header('Access-Control-Max-Age: 86400');
            echo PVResponse::createResponse(200, 'Successful Connection');
        }
        exit();
    }

    header('Access-Control-Allow-Origin: '. $_SERVER['HTTP_ORIGIN'] );
    header('Access-Control-Allow-Credentials: true' );
    header('Access-Control-Request-Method: *');
    header('Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS');
    header('Access-Control-Allow-Headers: *,x-requested-with,Content-Type');
    header('X-Frame-Options: DENY');

    //Execute rest of PHP code after headers have been set

I've gotten cross subdomain calls to work in every other browser. Is there something special for IE8 and IE9, like a special Allow-Headers or something else I am missing?
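
An added example, not part of the original post: a small check that lists which of the documented XDomainRequest (IE8/IE9) restrictions a planned cross-subdomain call would violate. The function name xdrProblems, the example.test hosts and the sample requests are assumptions made up for illustration.

```javascript
// Added example (not from the original post): list the documented
// XDomainRequest (IE8/IE9) restrictions that a planned call would violate.
// xdrProblems and the sample hosts are hypothetical names.
function xdrProblems(pageUrl, req) {
  const page = new URL(pageUrl);
  const target = new URL(req.url, pageUrl);
  const problems = [];

  // Only http/https targets, and the scheme must match the hosting page.
  if (target.protocol !== 'http:' && target.protocol !== 'https:') {
    problems.push('target must use http or https');
  } else if (target.protocol !== page.protocol) {
    problems.push('target scheme ' + target.protocol +
                  ' differs from page scheme ' + page.protocol);
  }

  // XDomainRequest.open() accepts GET and POST only; no preflight is sent.
  const method = (req.method || 'GET').toUpperCase();
  if (method !== 'GET' && method !== 'POST') {
    problems.push('method ' + method + ' is not supported');
  }

  // The object has no setRequestHeader(), so no request header can be set.
  const headers = Object.keys(req.headers || {});
  if (headers.length > 0) {
    problems.push('request headers cannot be set: ' + headers.join(', '));
  }

  // Cookies and HTTP authentication are never attached to the request.
  if (req.withCredentials) {
    problems.push('credentials are not sent');
  }
  return problems;
}

// Constructed sample calls from a page on one subdomain to an API on another.
const PAGE = 'https://www.example.test/app';
const SAMPLES = [
  { url: 'https://api.example.test/items', method: 'POST' },
  { url: 'http://api.example.test/items/7', method: 'DELETE',
    headers: { 'Content-Type': 'application/json' }, withCredentials: true },
];
for (const s of SAMPLES) {
  console.log(s.method, s.url, '->', xdrProblems(PAGE, s));
}
```

Because XDomainRequest sends no preflight and no cookies, the OPTIONS branch and the Access-Control-Allow-Credentials header in the PHP above play no part in these requests. The response has to carry an Access-Control-Allow-Origin that is * or matches the calling origin.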