问题描述
在Firefox中接收到的错误是:
$ b
可以成功请求,直到我添加 $ b
我还需要做什么才能在Firefox中使用?
更新
我注意到,如果我设置我的标题如下...
访问控制允许来源:'
。那么预购 OPTIONS 请求就可以正常工作。请求和响应中的 Access-Control-Allow-Origin 标头在中都是相同的。然而,实际的 GET 请求然后失败并出现上述错误。
如果我修改我的标题如下:
Access-Control-Allow-Origin:https://www.domain.eu,https://www.domain.eu $ b
...(这就是Firefox提到的错误),那么实际的pre-flight OPTIONS 请求失败,因为这次Firefox只是希望标题中有一个 https://www.domain.eu 值。
您需要在您的web API项目中启用CORS。
检查此出去!
I'm having a problem where by the cross origin requests from my Angular JS application work fine in Chrome but not in Firefox.
The error received in firefox is:
I can make requests successfully until I add an Authorization header to the request.
My server (ASP.Net Web API running on IIS) has the following headers set up:
Access-Control-Allow-Origin: https://www.domain.eu Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE Access-Control-Allow-Headers: Authorization Access-Control-Allow-Credentials: true
Firefox successfully pre-flights the request with an OPTIONS request. Looking through this I can see the sent Origin header is contained in the returned Access-Control-Allow-Origin header.
In fact, for some reason the returned Access-Control-Allow-Origin header has my domain name twice (despite specifying it once in config) e.g.
Access-Control-Allow-Origin: https://www.domain.eu, https://www.domain.eu
That aside what is the difference between Firefox and Chrome in this regard?
What else do I need to do so that this will work in Firefox?
UPDATE
I have noticed that if I set my headers as follows...
`Access-Control-Allow-Origin: https://www.domain.eu'
... then the pre-flight OPTIONS request works fine. The Access-Control-Allow-Origin header is the same in both the request and the response. However the actual GET request then fails with the error above.
If I modify my headers as follows:
Access-Control-Allow-Origin: https://www.domain.eu, https://www.domain.eu
... (which is what Firefox alluded to in the error), then the actual pre-flight OPTIONS request fails as this time Firefox just expects a single value of https://www.domain.eu in the header.
you need to enable CORS in your web API project.Check this out!
这篇关于在Firefox中阻止Cross Origin请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!