javascript - CORS 请求在 Firefox 中不起作用，但在 Chrome 和 Safari 中起作用

Question

这个 fiddle 在 Chrome 中工作正常，但在 Firefox 中不行:http://jsfiddle.net/u5pugnbn/

index.html

<!DOCTYPE html>
<html>
  <head>
  </head>
  <body>
    <input type="button" value="Get Data" onclick="getData()"/>
    <h1 id="output"></h1>
  </body>

  <script src ="main.js"></script>
</html>

main.js

var API_URL = "http://andr3w321.pythonanywhere.com";

function getData() {
  var output = document.getElementById('output');
  var xhr = new XMLHttpRequest();
  var url = API_URL + "/hello";
  xhr.open("GET", url, true);
  xhr.onload = function (e) {
    if (xhr.readyState === 4) {
      if (xhr.status === 200) {
        output.innerHTML = xhr.responseText;
      } else {
        output.innerHTML = "Error: " + xhr.statusText;
      }
    }
  };
  xhr.onerror = function (e) {
    output.innerHTML = "Error: " + xhr.statusText;
  };
  xhr.send();
}

Python Bottle 服务器文件

from bottle import default_app, route, run, template, static_file, url, get, redirect, response, request

# allow requests from other domains
def enable_cors(fn):
    def _enable_cors(*args, **kwargs):
        # set CORS headers
        response.headers['Access-Control-Allow-Origin'] = '*'
        response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
        response.headers['Access-Control-Allow-Headers'] = 'Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token'

        if request.method != 'OPTIONS':
            # actual request; reply with the actual response
            return fn(*args, **kwargs)

    return _enable_cors


@route('/hello', method=['OPTIONS', 'GET'])
@enable_cors
def hello():
    return "hello"

application = default_app()

将静态index.html上传到域并将Allow-Origin从*更改为特定域似乎没有帮助。

Answer 1

事实证明，隐私獾阻止了该请求。在访问index.html后禁用它后，它工作正常。