发布带有cors的JSON ajax请求在IE10/Edge中不起作用 [英] Post JSON ajax request with cors not working in IE10/Edge
问题描述
背景:-我创建了在本地系统IIS中托管的WCF服务.服务公开了GET/POST方法并启用了跨域功能,也可以使用https进行访问.为了使其易于访问,使用了自签名证书.
Background:- I created a WCF service hosted in my local system IIS. Service exposes GET/POST method and cross domain enabled and can be accessed using https too. To make it accessible, self signed certificate is used.
测试:-当我尝试进行跨域ajax调用时,它对于IE10/Edge中的GET请求和POST请求(仅那些不接受数据作为json的post方法)正常工作.我可以在chrome/firebox浏览器中对任何GET/POST请求进行跨域调用.当在ajax调用中传递contenttype:accept/json参数时,只有IE 10/Edge会导致问题导致对POST请求进行跨域调用.
Testing:- When i try to do cross domain ajax call it work fine for GET request and POST request (only those post method which are not accepting data as a json) in IE10/Edge. I'm able to make cross domain call for any GET/POST request in chrome/Firebox browser. Only it's IE 10/Edge which cause problem to make cross domain call for POST request when contenttype:accept/json parameter is passed in ajax call.
研究:-我阅读了许多博客/mdn,并了解了cors的规范,在这些规范中IE并未严格遵循cors.我知道cors规范不会分配自定义标头/标头的值,因为cors预检中止了.
Research:- I read lots of blogs/mdn and get to know specification of cors in which IE does not follow cors religiously. I know cors specification does not alloe custom header/header's value due to which cors preflight aborted.
我正在执行的ajax请求示例:-
var postDT = { "postValue": "test" };
debugger;
$.support.cors = true;
$.ajax({
type: "POST",
data: JSON.stringify(postDT),
url: "http://ateet3371/Service1.svc/postdata",
contentType: "application/json; charset=utf-8",
dataType: "JSON",
processData: true,
success: function (data) {
alert(data);
},
error: function (jqXHR, textStatus, errorThrown) {
var a = jqXHR;
alert(jqXHR + '---' + textStatus + '---' + errorThrown);
}
});
如果我删除了contentType: "application/json; charset=utf-8"
,则抛出错误的请求错误,否则抛出拒绝访问错误.
If i removed contentType: "application/json; charset=utf-8"
then it throw bad request error else it throw access denied error.
WCF中的方法实现是:-
And method implementation in WCF is:-
[OperationContract]
[WebInvoke(Method = "POST", ResponseFormat = WebMessageFormat.Json, UriTemplate = "PostResponseData")]
string PostResponseData(PostDataTest postDT);
数据合同是:-
[DataContract]
public class PostDataTest
{
private string post_value;
// Apply the DataMemberAttribute to the property.
[DataMember]
public string postValue
{
get { return post_value; }
set { post_value = value; }
}
}
如果我使用方法PostUrl数据,则如果从请求中删除了ContentType:"Application/json"标头,则ajax调用将成功执行并返回正确的结果.
If i use method PostUrl data then ajax call is executed successfully and return proper results if ContentType:"Application/json" header is removed from request.
[OperationContract]
[WebInvoke(Method = "POST", RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json, UriTemplate = "PostUrlData/{value}")]
string PostUrlData(string value);
我已经在WCF的Global.asax中的BeginRequest事件中编写代码来处理选项请求:-
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
if (HttpContext.Current.Request.HttpMethod == "OPTIONS" )
{
//These headers are handling the "pre-flight" OPTIONS call sent by the browser
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, HEAD");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Credentials", "true");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, X-Requested-With, Session");
HttpContext.Current.Response.AddHeader("Access-Control-Expose-Headers", "DAV, content-length, Allow" );
HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000" );
HttpContext.Current.Response.AddHeader("Cache-Control", "no-cache,no-store");
HttpContext.Current.Response.End();
}
而且我无法在IE中启用Allow cross domain call
设置,因为最终用户不会执行此类步骤.
And i can't enable Allow cross domain call
setting in IE as end user would not do such steps.
陷入问题:-,但仍无法在IE 10/Edge(已启用cors)中进行JSON数据发布调用.
Stuck in Problem:- But still not able to do JSON data post call in IE 10/Edge (which are cors enabled).
(已编辑)更新: 承载WCF的IIS站点仅启用了匿名身份验证,而其他身份验证则被禁用. 即使我尝试使用适用于https的有效证书,但仍无法在IE上使用,但对于chrome来说却完美.
(Edited) Updates: IIS site where WCF is hosted have only Anonymous Authentication enabled while other authentication are disabled. Even I tried with valid certificate for https but still it is not working for IE but work perfect for chrome.
请求标头
Request Header
OPTIONS https://service.domian.com/projectservice.svc/GetMultiListData HTTP/1.1
Accept: */*
Origin: https://sitename.servicedomain.com
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type, accept
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: sitename.servicedomain.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
OPTIONS https://service.domian.com/projectservice.svc/GetMultiListData HTTP/1.1
Accept: */*
Origin: https://sitename.servicedomain.com
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type, accept
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: sitename.servicedomain.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
响应标题
Response Headers
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store
Server: Microsoft-IIS/7.5
Access-Control-Allow-Origin: sitename.servicedomain.com
Access-Control-Allow-Methods: GET,POST,PUT,HEAD
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin,Content-Type,Accept,X-Requested-With,Session
Access-Control-Expose-Headers: DAV,content-length,Allow
Access-Control-Max-Age: 1728000
X-Powered-By: ASP.NET
Date: Thu, 04 Aug 2016 17:26:27 GMT
Content-Length: 0
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store
Server: Microsoft-IIS/7.5
Access-Control-Allow-Origin: sitename.servicedomain.com
Access-Control-Allow-Methods: GET,POST,PUT,HEAD
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin,Content-Type,Accept,X-Requested-With,Session
Access-Control-Expose-Headers: DAV,content-length,Allow
Access-Control-Max-Age: 1728000
X-Powered-By: ASP.NET
Date: Thu, 04 Aug 2016 17:26:27 GMT
Content-Length: 0
在浏览大量文章和博客时仍无法解决问题,请帮助我. 您的帮助将不胜感激!
Please help me as I go through lots of article and blog and still not able to resolve the issue. Your help will be greatly appreciated!
专家的帮助我!
EXPERT's PLEASE HELP ME!
推荐答案
您可以在客户端检查以下几项内容:
There are a few things you can check client-side:
- 您正在尝试覆盖
$.support.cors
.这(或曾经)是要作为一个可读属性,告诉您浏览器是否支持CORS. (有关检查位置的信息,请参见 jQuery源 ) - 基于针对Ajax的jQuery文档,您可能希望将
xhrFields: { withCredentials: true }
添加到$.ajax()
选项 - 使用正确的
dataType: "json"
和charset=UTF-8
大小写
- you're trying to override
$.support.cors
. This is (or was) meant to be a readable property telling you if CORS is supported by the browser. (see jQuery source for where this is checked) - Based on jQuery docs for ajax you might want to add
xhrFields: { withCredentials: true }
to the$.ajax()
options - Use correct casing of
dataType: "json"
andcharset=UTF-8
在服务器端,您可能希望尝试使用特定的主机名(回显Origin
标头)而不是Access-Control-Allow-Origin
响应标头中的通配符(*
)进行响应.在MDN的段落中特别提到了这一点,该段落还讨论了 Access-Control-Allow-Credentials
:
At server-side, you may want to try responding with specific hostname (echo the Origin
header) instead of wildcard (*
) in the Access-Control-Allow-Origin
response header. This is specifically mentioned in MDN in a paragraph also discussing Access-Control-Allow-Credentials
:
重要说明:响应凭据请求时,服务器必须指定域,并且不能使用通配符.如果标头通配符为:Access-Control-Allow-Origin:*.,则上面的示例将失败.
Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding. The above example would fail if the header was wildcarded as: Access-Control-Allow-Origin: *.
这篇关于发布带有cors的JSON ajax请求在IE10/Edge中不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!