跨域问题，Request header field XXXXX is not allowed by Access-Control-Allow-Headers 的问题

<httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
        <add name="Access-Control-Allow-Headers" value="Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With,SOAPAction" />
      </customHeaders>
    </httpProtocol>

浏览器为了安全起见，会先发送一个 options 请求，确保请求发送是安全的，一般 POST DELETE PUT 等请求都会修改服务器资源，所以浏览器会先发一个请求，问问服务器是否会正确（允许）请求，若不支持 options 请求，请求也会死掉

跨域问题，Request header field XXXXX is not allowed by Access-Control-Allow-Headers 的问题

原文：http://www.cnblogs.com/wangshuming/p/7903800.html