3
IE11出於某種原因拒絕了PUT請求,但僅在使用https時纔有效。 我很難找到問題,因爲使用http,localhost和其他瀏覽器工作正常。IE11 CORS在https上拒絕選項
該控制檯顯示從瀏覽器發送兩個錯誤
SEC7124: Request method PUT was not present in the Access-Control-Allow-Methods list.
SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.
OPTION請求是
Accept: */*
Accept-Encoding: gzip, deflate
Access-Control-Request-Headers: accept, content-type, session-id
Access-Control-Request-Method: PUT
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 0
Host: api.domain.com
Origin: https://portal.domain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
和來自服務器的響應被以下:用於
X-Powered-By: Servlet/2.5
Server: server
Content-Encoding: gzip
Access-Control-Expose-Headers: Session-Id
Access-Control-Allow-Origin: *
Access-Control-Max-Age: -1
Allow: OPTIONS,GET,HEAD,PUT
Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, DELETE
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: accept, origin, Content-Type, session-id, authorization, portal-url
Content-Type: application/vnd.sun.wadl+xml
Content-Length: 352
Date: Tue, 19 Jan 2016 15:33:38 GMT
AngularJS在客戶端使用標準的$ http PUT。 與Java的球衣在服務器端,並要求過濾處理CORS使用的是以下幾點:
public ContainerResponse filter(final ContainerRequest request, final ContainerResponse response)
{
if (request.getHeaderValue("Origin") != null)
{
final MultivaluedMap<String, Object> headers = response.getHttpHeaders();
headers.add("Access-Control-Allow-Origin", "*");
headers.add("Access-Control-Expose-Headers", "Session-Id");
headers.add("Access-Control-Allow-Credentials", Boolean.TRUE.toString());
}
if ("OPTIONS".equals(request.getMethod()))
{
final MultivaluedMap<String, Object> headers = response.getHttpHeaders();
for (String method : ["OPTIONS", "GET", "POST", "PUT", "DELETE"])
{
headers.add("Access-Control-Allow-Methods", method);
}
headers.add("Access-Control-Allow-Headers",
"accept, origin, Content-Type, session-id, authorization, portal-url, "
+ "If-Modified-Since, Cache-Control, Pragma");
headers.add("Access-Control-Max-Age", "-1");
}
return response;
}
也許你可以看到什麼可能是錯的。
謝謝
嘗試設置實際原點而不是'*' – charlietfl
檢查IE控制檯(F12打開devtools)是否有錯誤。應該有一條消息描述瀏覽器拒絕請求的原因。掉頭 - 允許credentials = true應該伴隨非星級允許來源。 –
@ OlegEstekhin錯誤信息在OP問題 – charlietfl