Safari 10.1：具有访问参数的XMLHttpRequest由于访问控制检查而无法加载 [英] Safari 10.1: XMLHttpRequest with query parameters cannot load due to access control checks

问题描述

在包含查询参数的URL上尝试 Safari 10.1 上的 CORS请求时= https://example.com/api?v=1 rel = noreferrer> https://example.com/api?v=1 ），Safari说

When trying a CORS request on Safari 10.1, on an URL which includes query parameters (e.g. https://example.com/api?v=1), Safari says

XMLHttpRequest由于访问控制检查而无法加载

XMLHttpRequest cannot load due to access control checks

Chrome / Firefox可以运行

Chrome/Firefox works fine.

在没有？v = 1 的页面请求下，Safari也可以正常工作。

On requests from the page without the ?v=1, Safari works fine too.

我尝试从以下服务器更改服务器响应标头

I tried changing the server response header from

Access-Control-Allow-Origin: https://example.com

至

Access-Control-Allow-Origin: https://example.com/api?v=1

但这会破坏Chrome。

but that breaks Chrome.

有任何建议吗？

推荐答案

您遇到了CORS问题。

You're running into CORS issues.

某些可能的原因：

• 标题 Acc ess-Control-Allow-Origin 只能在服务器端设置，而不能在客户端脚本中设置。 （您不清楚您是否正确地做到了这一点。）


• 确定协议（ http 与 https 与 file ）完全一样吗？


• 如果您可能有多个子域，则需要使用 ^ http（s）？：//（。+ \。）？test\.com $
  。
  
  ^ 标志着行，以防止在此url之前出现任何内容。您需要一个协议，并在此处允许两者。子域是可选的。 $ 标志着行的结尾（您无需设置子页面，因为来源仅基于主机）。


• 如所述此处在服务器配置中添加 Access-Control-Allow-Headers：Origin 也是一种解决方案，请尝试比较实际请求使我的Safari能够处理Firefox或Chrome浏览器发出的成功请求，以发现可能缺少的标头（也可以将它们与您的服务器配置进行比较）。

• The header Access-Control-Allow-Origin can only be set on server side, not in your clients script. (You did not make clear you did that correctly.)
• Are you sure the protocol (http vs https vs maybe even file) is exactly the same?
• If you may have multiple sub domains you need to setup your config (e.g. Apache) with something like "^http(s)?://(.+\.)?test\.com$ .
  The ^ marks the start of the line to prevent anything preceeding this url. You need a protocol and allowing both here. A subdomain is optional. And the $ marks the end of line (you don't need to set sub-pages, because origin is only host based).
• As stated here adding Access-Control-Allow-Headers: Origin to the server configuration as well may be a solution. Try to compare the actual requests made my Safari to the successfull requests done by Firefox or Chrome to spot possible missing Headers as well (and maybe compare them to your server configuration as well).

这篇关于Safari 10.1：具有访问参数的XMLHttpRequest由于访问控制检查而无法加载的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！