我正在开发一个浏览器扩展。在一个脚本上运行的弹出页面,我正在做一个ajax请求。在xhr.onload事件处理程序的第一行,我有console.log(xhr.getAllResponseHeaders())。但是,响应中的一些头丢失了。我知道我的舱单可能有问题。Json文件,所以这里有一些额外的细节删除:
{
"manifest_version": 2,
"name": "...",
"version": "1.0",
"description": "...",
"options_ui": { "page": "options.html" },
"icons": {
"16": "icons/favicon-16x16.png",
"32": "icons/favicon-32x32.png"
},
"browser_action": {
"default_popup": "popup.html",
"default_icon": "./icons/favicon-32x32.png"
},
"key": "...",
"permissions": ["identity"],
"content_security_policy": "script-src 'self' https://unpkg.com https://apis.google.com https://www.gstatic.com https://www.googleapis.com https://securetoken.googleapis.com; object-src 'self'",
"content_scripts": ["..."]
}
这些是实际的响应头,根据网络调试选项卡:
HTTP/1.1 200 OK
Date: Wed, 27 Oct 2021 18:09:36 GMT
Server: WSGIServer/0.2 CPython/3.9.6
Content-Type: text/html; charset=utf-8
Hx-Trigger: setupLogin
X-Frame-Options: DENY
Content-Length: 220
Vary: Cookie, Origin
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: chrome-extension://kcegdmcjklppcfbmfjgkkomecpaofoec
然而,这是console.log(xhr.getAllResponseHeaders())在xhr.onloaded事件处理程序的第一行的输出:
content-length: 220
content-type: text/html; charset=utf-8
歌珥h1>你知道为什么getAllResponseHeaders()缺少这么多实际的标题吗?
我明白了。您需要在CORS上下文中设置Access-Control-Expose-Headers头,使头对在客户端上执行的脚本可见。
相关MDN:https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers