使用Chrome / WebKit调试Access-Control-Allow-Origin [英] Debugging Access-Control-Allow-Origin with Chrome/WebKit
问题描述
我尝试使用跨源资源共享与Access-Control-Allow-Origin和相关标题。我有它在Firefox上工作,但Chrome是给我的权限错误,看起来像:
I'm trying to use Cross-Origin Resource Sharing with Access-Control-Allow-Origin and related headers. I have it working on Firefox, but Chrome is giving me permission errors, that look this like:
XMLHttpRequest cannot load <remote>. Origin <local> is not allowed by Access-Control-Allow-Origin.
网络检查器显示请求但没有响应(并且不包括OPTIONS预检请求和响应)。我使用curl检查请求输出,并且再现所有的头,我认为这符合规范所暗示的内容(再次,Firefox接受)。我很失去如何进一步调试这 - 有没有技巧看到网络活动比Chrome通常提供的更低的水平?关于Chrome如何解释CORS请求与Firefox不同的信息?
The network inspector shows the request but no response (and doesn't include the OPTIONS preflight request and response). I inspected the request output using curl and reproducing all the headers, and what I see fits what the specification implies (and again, what Firefox accepts). I'm at a loss how to debug this further -- are there tricks for seeing the network activity at a lower level than what Chrome normally provides? Information about how Chrome interprets CORS requests differently than Firefox?
推荐答案
我怀疑您看到的是预检, Chrome请求由于错误。
I suspect what you're seeing is a preflight followed by a failing Chrome request due to a bug. That would explain why things work in Firefox but not in Chrome.
您是否在要求中传送任何自订标题? WebKit中有一个错误,其中GET请求与自定义标头失败(错误在这里: http://代码。 google.com/p/chromium/issues/detail?id=57836 )。我也注意到,Chrome有时期望Access-Control-Allow-Headers列表中的Content-Type头,即使Content-Type是一个简单的头。
Are you sending any custom headers in your request? There's a bug in WebKit where GET requests with custom headers fails (bug here: http://code.google.com/p/chromium/issues/detail?id=57836). I've also noticed that Chrome sometimes expects the Content-Type header in the Access-Control-Allow-Headers list, even though Content-Type is a simple header.
另外,你提到网络检查器不包括OPTIONS预检?您使用哪个网络检查器?我建议使用Wireshark,因为这可以告诉你Chrome的检查器不提供的实际网络流量的详细信息(例如,Wireshark将记录预检请求)。
Also, you mention that the network inspector doesn't include the OPTIONS preflight? Which network inspector are you using? I'd recommend using Wireshark, since this gives you details on the actual network traffic that Chrome's inspector doesn't provide (for example, Wireshark will log preflight requests).
其他一些调试提示:
在Safari中尝试请求。这将有助于将其缩小为Chrome错误或WebKit错误。
Try the request out in Safari. This will help narrow it down to a Chrome bug or a WebKit bug.
我看到你看到的错误的时间(Wireshark显示请求,但不是响应),这是因为我的服务器不包括访问控制-Allow-Origin头,不包括,因为Chrome不发送Origin头(见上面的错误)。在您的网络跟踪中,您在请求中是否看到Origin标头?你可以控制服务器,如果是,它是否收到一个Origin头?
The times I've seen the error you are seeing (Wireshark shows a request but not a response), it is because my server doesn't include the Access-Control-Allow-Origin header, which isn't included because Chrome isn't sending the Origin header (see bug above). In your network trace, do you see an Origin header in the request? Do you have control over the server, and if so, does it receive an Origin header?
它很难调试实际问题,没有更多的细节。如果您仍有问题,可以在这里张贴要求/回应标题吗?
Its tough to debug the actual issue without more details. If you are still having issues, can you post request/response headers here?
这篇关于使用Chrome / WebKit调试Access-Control-Allow-Origin的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
