原因参考这篇
http://blog.csdn.net/sylvilagus/article/details/50233335
postman是基于浏览器的插件,发出的请求都是通过调用ajax/xmlhttprequest的方式,必然受到浏览器的安全限制:
- 首先 XMLHttpRequest 出于安全考虑是不支持跨域的, 这一点postman已经向浏览器声明了需要跨域的权限
- 其次,部分header同样由于安全原因,是无法在浏览器中set的,受制于浏览器的用户特性
具体哪些header不能set,要看XMLHttpRequest.js的源码实现
var forbiddenRequestHeaders = [
"accept-charset",
"accept-encoding",
"access-control-request-headers",
"access-control-request-method",
"connection",
"content-length",
"content-transfer-encoding",
"cookie",
"cookie2",
"date",
"expect",
"host",
"keep-alive",
"origin",
"referer",
"te",
"trailer",
"transfer-encoding",
"upgrade",
"via" ];经验证,以上属性在postman中设置全部无效。解决方案是打开postman的拦截器(interceptor),之后就可以正常添加cookie了。