Only simple response headers are exposed when using CORS. Simple response headers are defined here. ETagis not a simple response headers. If you want to expose non-simple headers, you need to set the Access-Control-Expose-Headersheader, like so:

使用 CORS 时只公开简单的响应头。此处定义了简单的响应标头。 ETag不是简单的响应头。如果要公开非简单标头，则需要设置Access-Control-Expose-Headers标头，如下所示：

Access-Control-Expose-Headers: ETag

However, note that I've noticed bugs in Chrome, Safari and Firefox that prevent non-simple headers from being exposed correctly. This may be fixed by now, I'm not sure.

但是，请注意，我注意到 Chrome、Safari 和 Firefox 中的错误会阻止非简单标头正确公开。这可能现在已经解决了，我不确定。

You shouldn't need to do a preflight request, since preflight is only required for non-GET/POST http methods or non-simple requestheaders (and you are asking about responseheaders).

您不需要执行预检请求，因为只有非 GET/POST http 方法或非简单请求标头（并且您正在询问响应标头）才需要预检。

Have you ever tried AJAX 2.0 (Cross domain sharing) is a methodology fairly recently brought out by W3C: http://www.w3.org/TR/XMLHttpRequest2/#ref-cors

你有没有试过 AJAX 2.0（跨域共享）是 W3C 最近提出的一种方法：http: //www.w3.org/TR/XMLHttpRequest2/#ref-cors

Also there is another way of doing this, which is called JSON-P, it's like a JSON request, but you can use it for cross-domains: http://en.wikipedia.org/wiki/JSONP

还有另一种方法，称为 JSON-P，它类似于 JSON 请求，但您可以将其用于跨域：http: //en.wikipedia.org/wiki/JSONP

Both can be very dangerous to the site owners if not setup correctly though. So do be careful when using it.

如果没有正确设置，两者对网站所有者来说都是非常危险的。所以使用时一定要小心。

[PS] Not sure if this will help : http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

[PS] 不确定这是否有帮助：http: //www.w3.org/Protocols/rfc2616/rfc2616-sec14.html