为什么我从HTTPS域到HTTP本地主机的请求在CORS中失败? [英] Why are my requests from HTTPS domain to HTTP localhost failing CORS?
问题描述
我有一个REST服务(实现为Azure功能),在域A上的HTTPS上运行.
I have a rest service (implemented as an Azure Function), running on HTTPS, on domain A.
我有一个网站,该网站在域B上的HTTPS上运行.
I have a web site, running on HTTPS on domain B.
我为cors指定了通配符*.
I have specified wildcard * for cors.
在网站上使用jQuery,我将Ajax请求发送到其余服务.这样可以正常工作,我可以看到我的GET
请求由OPTIONS
进行了预检.
Using jQuery on the web site I send Ajax requests to the rest service. This works, I can see my GET
request preflighted by an OPTIONS
.
当我开发Rest服务时,我想在localhost域上以HTTP运行的本地服务.这似乎不起作用.
When I am developing my rest service I would like to host the service locally, running on HTTP, on the localhost domain. This doesnt seem to work.
我必须启用混合内容,但是然后看来浏览器(Firefox)似乎并没有发送或预检我的请求-网络流量为空.看来我的请求未能通过CORS请求.
I have to enable mixed content, but then it doesnt seem like the browser (Firefox) sends or preflights my request - the network traffic is empty. It looks like my request is failing the CORS request.
它出现在Firefox控制台中.
This appears in the Firefox console.
16:42:56.550 Loading mixed (insecure) active content "http://locahost:7071/api/test/get?message=get+hello+world!" on a secure page[Learn More] ajax.ts:153:23
16:42:56.558 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://locahost:7071/api/test/get?message=get+hello+world!. (Reason: CORS request did not succeed).
我可以通过将本地网址设置为//locahost
来避免出现混合内容错误,但是这仍然会使CORS失败.
I am able to avoid the mixed content errors by setting my local url as //locahost
, however this still fails CORS.
会发生这种情况,因为我正在尝试从HTTPS域到HTTP本地主机执行CORS吗?
Does this happen because I am trying to do CORS from HTTPS domain to HTTP localhost?
推荐答案
此页面显示详细信息原因:默认情况下阻止混合内容. https://developer.mozilla.org/zh-CN/docs/Web/Security/Mixed_content/How_to_fix_website_with_mixed_content
this page shows details reason: Mixed content is blocked as default. https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content/How_to_fix_website_with_mixed_content
如果您未设置允许的域列表,则不仅要启用Firefox,还要设置Chrome& amp; IE阻止了那些从https到http的请求. 顺便说一句,您不能在本地主机中使用自我分配的证书,它也会由于另一个错误而被阻止.
you have to enable local https as well if you did not setup allowed domain list, not only Firefox, but also Chrome & IE block those request that is from https to http. BTW, you cannot use self-assigned certificates in local host, it will be blocked as well with another error.
这篇关于为什么我从HTTPS域到HTTP本地主机的请求在CORS中失败?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!