I have a cross-domain AJAX GET which gets pre-flighted successfully, but the cookies don't get attached to the GET request. When the user clicks a log in button, a POST is made to log the user in, which works correctly cross domain. The JavaScript is:

我有一个跨域 AJAX GET，它成功预检，但 cookie 没有附加到 GET 请求。当用户单击登录按钮时，会进行 POST 以登录用户，这可以跨域正常工作。JavaScript 是：

        $.ajax(signin_url, {
            type: "POST",
            contentType: "application/json; charset=utf-8",
            data: JSON.stringify(credentials),
            success: function(data, status, xhr) {
                signInSuccess();
            },
            error: function(xhr, status, error) {
                signInFailure();
            },
            beforeSend: function(xhr) {
                xhr.withCredentials = true
            }
        });

The response headers include a cookie:

响应头包含一个 cookie：

Set-Cookie:user_token=snippysnipsnip; path=/; expires=Wed, 14-Jan-2032 16:16:49 GMT

If sign-in succeeds, a JavaScript GET request is made to get the current user's details:

如果登录成功，则会发出 JavaScript GET 请求以获取当前用户的详细信息：

function signInSuccess() {
    $.ajax(current_user_url, {
        type: "GET",
        contentType: "application/json; charset=utf-8",
        success: function(data, status, xhr) {
            displayWelcomeMessage();
        },
        beforeSend: function(xhr) {
            xhr.withCredentials = true;
        }
    });
}

The CORS-related headers returned from Chrome's OPTIONS request are:

Chrome 的 OPTIONS 请求返回的 CORS 相关标头是：

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:X-Requested-With, X-Prototype-Version, Content-Type, Origin, Allow
Access-Control-Allow-Methods:POST, GET, OPTIONS
Access-Control-Allow-Origin:http://192.168.0.5
Access-Control-Max-Age:1728000

However, no cookies are sent on the GET request.

但是，不会在 GET 请求上发送 cookie。