为什么我从HTTPS域到HTTP本地主机的请求在CORS中失败? [英] Why are my requests from HTTPS domain to HTTP localhost failing CORS?

问题描述

我有一个REST服务(实现为Azure功能)，在域A上的HTTPS上运行.

I have a rest service (implemented as an Azure Function), running on HTTPS, on domain A.

我有一个网站，该网站在域B上的HTTPS上运行.

I have a web site, running on HTTPS on domain B.

我为cors指定了通配符*.

I have specified wildcard * for cors.

在网站上使用jQuery，我将Ajax请求发送到其余服务.这样可以正常工作，我可以看到我的GET请求由OPTIONS进行了预检.

Using jQuery on the web site I send Ajax requests to the rest service. This works, I can see my GET request preflighted by an OPTIONS.

当我开发Rest服务时，我想在localhost域上以HTTP运行的本地服务.这似乎不起作用.

When I am developing my rest service I would like to host the service locally, running on HTTP, on the localhost domain. This doesnt seem to work.

我必须启用混合内容，但是然后看来浏览器(Firefox)似乎并没有发送或预检我的请求-网络流量为空.看来我的请求未能通过CORS请求.

I have to enable mixed content, but then it doesnt seem like the browser (Firefox) sends or preflights my request - the network traffic is empty. It looks like my request is failing the CORS request.

它出现在Firefox控制台中.

This appears in the Firefox console.

16:42:56.550 Loading mixed (insecure) active content "http://locahost:7071/api/test/get?message=get+hello+world!" on a secure page[Learn More] ajax.ts:153:23
16:42:56.558 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://locahost:7071/api/test/get?message=get+hello+world!. (Reason: CORS request did not succeed).

我可以通过将本地网址设置为//locahost来避免出现混合内容错误，但是这仍然会使CORS失败.

I am able to avoid the mixed content errors by setting my local url as //locahost, however this still fails CORS.

会发生这种情况，因为我正在尝试从HTTPS域到HTTP本地主机执行CORS吗?

Does this happen because I am trying to do CORS from HTTPS domain to HTTP localhost?

推荐答案

此页面显示详细信息原因:默认情况下阻止混合内容. https://developer.mozilla.org/zh-CN/docs/Web/Security/Mixed_content/How_to_fix_website_with_mixed_content

this page shows details reason: Mixed content is blocked as default. https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content/How_to_fix_website_with_mixed_content

如果您未设置允许的域列表，则不仅要启用Firefox，还要设置Chrome& amp; IE阻止了那些从https到http的请求. 顺便说一句，您不能在本地主机中使用自我分配的证书，它也会由于另一个错误而被阻止.

you have to enable local https as well if you did not setup allowed domain list, not only Firefox, but also Chrome & IE block those request that is from https to http. BTW, you cannot use self-assigned certificates in local host, it will be blocked as well with another error.

这篇关于为什么我从HTTPS域到HTTP本地主机的请求在CORS中失败?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！