SEC7118:XMLHttpRequest CORS - IE Console消息 [英] SEC7118: XMLHttpRequest CORS - IE Console message
问题描述
我使用的是CORS POST请求,所有内容都照顾到了@ :
安全性错误代码格式为SEC7xxx [在IE]
< blockquote>
与SEC7118有关:
对一个XMLHttpRequest您网页的网域。这要求服务器在其响应头中返回一个Access-Control-Allow-Origin头,但没有返回。
注意此错误代码已删除IE11在Windows 10.它仍然在IE11为Windows 8.1和Windows 7。
所以它从技术上看被视为一个错误从IE的角度,但肯定不是一个(因此它为什么会消失)。 Access-Control-Allow-Origin在资源上设置,但不一定与请求一起发回。如果指定的资源没有
Access-Control-Allow-Origin:*(或域),则资源将不可访问,并且服务器可能返回503或404,您会在控制台中看到类似于以下内容的真实错误消息:
XMLHttpRequest无法加载 http://example.com/ 。在所请求的资源上没有Access-Control-Allow-Origin头。因此,原始' http://blog.example.com '不允许访问。
I am using CORS POST request with everything taken care as given @http://www.html5rocks.com/en/tutorials/cors/
Server sets Response header to: 'Access-Control-Allow-Origin':'*' and I can see this header value in IE developer tool.
But on IE10 browser I see console message as "SEC7118: XMLHttpRequest for http:// required Cross Origin Resource Sharing (CORS).
When I check on Microsoft site it has below given explanation.
http://msdn.microsoft.com/en-us/ie/dn423949(v=vs.94).aspx
SEC7118
Description: "XMLHttpRequest for [URL] required Cross Origin Resource Sharing (CORS). " An XMLHttpRequest was made to a domain that was different than your page's domain. This requires the server to return an "Access-Control-Allow-Origin" header in its response headers, but one was not returned.
Suggested Fix: The server must support CORS requests and return an appropriate "Access-Control-Allow-Origin" header with the resource. See CORS for XHR in IE10 for more info about CORS in response headers.
Questions:
- I want to know if this console message is an ERROR ??
- Will this cause any failures ??
- Why do I get this message even after setting response header 'Access-Control-Allow-Origin' value to '*'??
- Does 'Access-Control-Allow-Origin' value has to be origin name for IE10 to work? I know * is not a very good option, But does IE requires exact origin name ??
I kept URL's and cookie details hidden from these images.
解决方案Just for kicks, from MSDN:
Security error codes are in the form SEC7xxx [In IE]
Pertaining to SEC7118:
An XMLHttpRequest was made to a domain that was different than your page's domain. This requires the server to return an "Access-Control-Allow-Origin" header in its response headers, but one was not returned.
Note This error code was removed in IE11 on Windows 10. It remains in IE11 for Windows 8.1 and Windows 7.
So it is technically viewed as an error from IE's perspective, but certainly isn't one (hence why it is going away). Access-Control-Allow-Origin is set on a resource, but isn't necessarily sent back with the request. If a specified resource DOESN'T have
Access-Control-Allow-Origin:*(or a domain), the resource would not be accessible and the server would likely return a 503 or 404 and you would see a true error message in the console similar to the below:XMLHttpRequest cannot load http://example.com/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://blog.example.com' is therefore not allowed access.
这篇关于SEC7118:XMLHttpRequest CORS - IE Console消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
