我尝试使用CORS将档案上传到其他网域的服务,但由于来源被拒绝,档案仍会继续失败。
JavaScript请求:
var xhr = new XMLHttpRequest(); xhr.open('POST',files.example,true); xhr.setRequestHeader('Content-Type','application / json'); xhr.onreadystatechange = function(){ if(this.status == 200&& this.readyState == 4){ console.log('response:'+ this .responseText); } }; xhr.send();预检OPTIONS请求的回应:
<$ 访问控制允许方法:POST,OPTIONS 访问控制允许标题:原始,授权,内容类型访问控制允许方法:原始:* Content-Length:0 Content-Type:application / json Date:Mon,19 Nov 2012 23:30:21 GMTPOST请求的标题:
控制:no-cache Content-Type:application / json 原产地:https://www.example Pragma:no-cache Referer:https:// www.example User-Agent:Mozilla / 5.0(Macintosh; Intel Mac OS X 10_8_0)AppleWebKit / 537.19(KHTML,如Gecko)Chrome / 25.0.1325.0 Safari / 537.19这会导致错误:
XMLHttpRequest无法加载files.example。 Access-Control-Allow-Origin不允许生成www.example。解决方案
很抱歉,发送到网域以外的网域CORS。这也包括不同的子域,端口和协议(http / https)。
预检是在请求是不简单时完成的,到除text / plain之外的其他内容。你的application / json会使浏览器害怕进入预检。
如果这50-200 ms对你很重要,你可以重写你的web服务来理解简单内容类型。如果没有,那么你应该让你的web服务返回HTTP状态204(没有内容)时,它的任务OPTIONS(http方法)。
当处理wcf :
WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.NoContent;
I'm trying to upload files to a service on a different domain using CORS, but they keep failing due to the origin being denied. As far as I can see the correct headers are being used to allow this.
Javascript request:
var xhr = new XMLHttpRequest(); xhr.open('POST', "files.example", true); xhr.setRequestHeader('Content-Type', 'application/json'); xhr.onreadystatechange = function () { if (this.status == 200 && this.readyState == 4) { console.log('response: ' + this.responseText); } }; xhr.send();Response from the preflight OPTIONS request:
Access-Control-Allow-Headers:Origin, Authorization, Content-Type Access-Control-Allow-Methods:POST, OPTIONS Access-Control-Allow-Origin:* Content-Length:0 Content-Type:application/json Date:Mon, 19 Nov 2012 23:30:21 GMTHeaders for POST request:
Cache-Control:no-cache Content-Type:application/json Origin:www.example Pragma:no-cache Referer:www.example User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/537.19 (KHTML, like Gecko) Chrome/25.0.1325.0 Safari/537.19Which results in the error:
XMLHttpRequest cannot load files.example. Origin www.example is not allowed by Access-Control-Allow-Origin.解决方案
Unfortunately, POSTing to a domain other than your page's elicits CORS. That also includes different subdomains, ports and protocol (http/https).
Preflight is done when the request is "not simple", meaning, a content-type header set to something other than "text/plain". Your "application/json" makes browsers get scared into preflighting.
If those 50-200 ms are important to you, then you can rewrite your web service to understand the "simple" content type. If not, then you should make your web service throw back HTTP status 204 (no content) when it is tasked with OPTIONS (http method).
When dealing with a wcf:
WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.NoContent;
更多推荐
CORS邮寄预检请求
发布评论