您在 Firefox 中看到的不是实际请求；请注意，HTTP 方法是 OPTIONS，而不是 POST.它实际上是浏览器发出的预检"请求，以确定是否应该允许跨域 AJAX 请求:

What you saw in Firefox was not the actual request; note that the HTTP method is OPTIONS, not POST. It was actually the 'pre-flight' request that the browser makes to determine whether a cross-domain AJAX request should be allowed:

http://www.w3.org/TR/cors/

飞行前请求中的 Access-Control-Request-Headers 标头包括实际请求中的标头列表.然后，在浏览器提交实际请求之前，服务器会报告在此上下文中是否支持这些标头.

The Access-Control-Request-Headers header in the pre-flight request includes the list of headers in the actual request. The server is then expected to report back whether these headers are supported in this context or not, before the browser submits the actual request.