header('Access-Control-Allow-Origin : *');
header('Access-Control-Allow-Headers : Origin, X-Requested-With, Content-Type, Accept');
header('Access-Control-Allow-Methods :PUT,POST,GET,DELETE,OPTIONS');
//持久化session
header("Access-Control-Allow-Credentials : true");
//客户端:
xhrFields: {
withCredentials: true
}