In my Apache web server configuration, I add support for two headers that are not part of the standard six:
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Expose-Headers: Content-Disposition,X-Filename
My file export CGI script prints headers containing data for these two fields, e.g.:
...
print "Content-Disposition: attachment; filename=%s\n" % (out_fn)
print "X-Filename: %s\n" % (out_fn)
...
My client-side AJAX call tries to retrieve the value of Content-Disposition on a successful AJAX request:
var export_form = new FormData();
export_form.append("settings", JSON.stringify(settings));
export_form.append("format", format);
$.ajax({
url: "services/export_data.py",
type: "POST",
async: true,
cache: false,
data: export_form,
processData: false,
contentType: false,
success: function(response, textStatus, jqXHR) {
console.log("success");
console.log(jqXHR.getAllResponseHeaders());
console.log(jqXHR.getResponseHeader('Content-Disposition'));
},
error: function(jqXHR, textStatus, errorThrown) {
console.log("export_form submit failed:", jqXHR.status, jqXHR.statusText);
console.log(jqXHR);
}
});
My test requests on the client side complete and run the success callback, and I get the file data back in the response field, but I get null for the response header Content-Disposition.
In other words, a sample result of console.log(jqXHR.getAllResponseHeaders()) is:
Date: Sat, 04 Mar 2017 19:42:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_python/3.5.0- Python/2.7.5 mod_perl/2.0.10 Perl/v5.16.3
Transfer-Encoding: chunked
Content-Type: application/pdf
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Disposition,X-Filename
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
While the result of console.log(jqXHR.getResponseHeader('Content-Disposition')) is empty:
null
Why is my AJAX request not able to retrieve the value of Content-Disposition, when I have made it explicitly available via the web server configuration, and I have set it correctly in the response?
To address issues with newlines, I used sys.stdout.write to get more control over the output, e.g.:
sys.stdout.write("Content-Type: %s\n" % (mime_type))
sys.stdout.write("Content-Disposition: attachment; filename=%s\n" % (output_fn))
sys.stdout.write("X-Filename: %s\n" % (output_fn))
sys.stdout.write("Content-Description: File to download\n\n")
with open(out_fn, "rb") as out_fh:
sys.stdout.write(out_fh.read())
Unfortunately, these two headers were still not visible to the AJAX response via console.log(jqXHR.getResponseHeader('Content-Disposition')) and console.log(jqXHR.getResponseHeader('X-Filename')), which were both null.
Access-Control-Expose-Headers only applies to CORS requests: Content-Disposition and X-Filename in your case are added to the six standard headers that another domain is allowed to see if it requests data from your server.
The request you're sending doesn't look like it's cross-origin, though: the URL services/export_data.py doesn't point to another domain and the output of console.log(jqXHR.getAllResponseHeaders()) includes headers like Server or Date that aren't in the six standard and two exposed headers.
I think your problem is server-side, not with the Javascript, and that you're not actually sending the two headers you want to include.
The CGI script seems to be written in Python (based on the file extension in the URL). If that's the case print "\n" actually prints two newlines and, since an empty line delimits headers and data in HTTP, the two headers you're adding would be included in the HTTP response but are treated as data and not headers. Is there any print statement before you're adding the Content-Disposition? That would explain why that's also not showing up as a header.
To solve this simply remove the trailing \n in your script:
...
print "Content-Disposition: attachment; filename=%s" % (out_fn)
print "X-Filename: %s" % (out_fn)
...
来源:https://stackoverflow.com/questions/42600632/access-control-expose-headers-setting-ignored