appserver的cros 还是不行，我在apache开启了module headers，可以了。
service apache2 restart
add the following line inside either the , , or sections of your server config (usually located in a *.conf file, such as httpd.conf or apache.conf
Header set Access-Control-Allow-Origin "*"
Header always set Access-Control-Max-Age "86400"
Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"