Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.7k views
in Technique[技术] by (71.8m points)

http - AJAX call following 302 redirect sets origin to null

I'm doing an AJAX call from domain A to domain B.

My domain B checks if A is in the list of allowed domains and sets the Access-Control-allow-Origin to domain A. So far, so good.

Domain B responds to the request by sending a 302 redirect to domain C using the Location header.

The AJAX call follows the redirect to domain C but has the header: Origin: null.

I expected the origin header to be set to domain A, after following the redirect.

Can anyone explain to me why the origin is set to null instead of to domain A?

Example

  1. Request from domain A to B

    GET / HTTP/1.1
    Host: domain-B.com
    Origin: http://domain-A.com
    
  2. Response from domain B :

    Access-Control-Allow-Origin: http://domain-A.com
    Location: http://domain-C.com
    
  3. AJAX call follows the redirect to domain C:

    GET  HTTP/ 1.1
    Host: domain-C.com
    Origin: null
    
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

See here, this seems to suggest its related to a "privacy-sensitive" context.

Are there any browsers that set the origin header to "null" for privacy-sensitive contexts?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...