当使用 Google Chrome 的 xmlHttpRequest 时，拒绝设置不安全的头部"Origin"。

收到以下错误信息：

使用以下代码：

   function getResponse() {
            document.getElementById("_receivedMsgLabel").innerHTML += "getResponse() called.<br/>";
            if (receiveReq.readyState == 4 || receiveReq.readyState == 0) {
                receiveReq.open("GET", "http://L45723:1802", true, "server", "server123");  //must use L45723:1802 at work.
                receiveReq.onreadystatechange = handleReceiveMessage;
                receiveReq.setRequestHeader("Origin", "http://localhost/");
                receiveReq.setRequestHeader("Access-Control-Request-Origin", "http://localhost");
                receiveReq.timeout = 0;
                var currentDate = new Date();
                var sendMessage = JSON.stringify({
                    SendTimestamp: currentDate,
                    Message: "Message 1",
                    Browser: navigator.appName
                });
                receiveReq.send(sendMessage);

            }
        }

我做错了什么？在请求头中缺少了什么导致CORS请求无法正常工作？

我尝试删除 receiveReq.setRequestHeader("Origin", ...) 调用，但是接下来 Google Chrome 抛出了我的 receiveReq.open() 调用的访问错误...

为什么会这样？