ajax 默認是不會帶 cookie，您需要手動設(shè)置以下 withCredentials

xhr.withCrendentials = true;

為了保障該屬性生效，服務(wù)器必須顯式地返回Access-Control-Allow-Credentials這個頭信息：

Access-Control-Allow-Credentials: true

跨域問題。您先用*試試。

res.header("Access-Control-Allow-Origin", "*");

我這邊是基于express寫的接口：

var app = express();

//設(shè)置跨域訪問

app.all('*', function(req, res, next) {

    res.header("Access-Control-Allow-Origin", "*"); //*表示允許的域名地址，本地則為'http://localhost'

    res.header("Access-Control-Allow-Methods", "PUT,POST,GET,DELETE,OPTIONS");

    res.header("Access-Control-Allow-Headers", "Content-Type, Content-Length, Authorization, X-Powered-By, Accept,X-Requested-With");

    res.header("X-Powered-By", ' 3.2.1')

    res.header("Content-Type", "application/json;charset=utf-8");

    next();

});