FineUploader CORS选择性工作 [英] FineUploader CORS selectively working

问题描述

我已成功处理FineUploader，并要求保存到其他子域 - example.com上的HTML代码，upload.example.com上的endpoint.php。

I have been working with FineUploader successfully, and had a requirement to save to a different subdomain - HTML code at example.com, endpoint.php at upload.example.com.

我每次在Safari上传几个小文件时都能正常工作。这些相同的小文件总是在FireFox和Mac上的Chrome（2014年1月的最新版本）上传，但我只有选择性地获得成功反馈与FireFox和Mac上的Chrome。它总是有正在处理...或百分比61％，虽然该文件是在服务器上。

I have it working perfectly every time in Safari uploading several small files. Those same small files always upload on FireFox and Chrome on Mac (latest versions as of January 2014), but I only get success feedback selectively with FireFox and Chrome on Mac. It always has "Processing..." or a percentage "61%" although the file is on the server.

当我把HTML代码放在upload.example。 com，它工作正常。我使用FineUploader自定义构建（商业支持）v4.2.2，我已更新了预检响应的后端endpoint.php等。问题是POST请求无限期挂起，无论服务器设置。我甚至创建了一个假的JSON响应器，只做了JSON成功字符串的响应。

When I put the HTML code on upload.example.com, it works fine. I am using FineUploader custom build (commercial support) v4.2.2, and I have updated the backend endpoint.php for the preflight response, etc. The issue is that the POST request hangs indefinitely, no matter what the server is set to. I even created a fake JSON responder that did nothing but respond with the JSON success string.

...
else if ($method == "POST") {
    handleCorsRequest();
    header("Content-Type: text/plain");
    echo '{"success":true,"uuid":"99999a18-a6c3-456e-bd06-e492f8a290c0","uploadName":"image1.jpg"}';
}
...

我认为可能需要JSONP以读取响应，并且没有FineUploader不知道发生了什么。但是，FineUploader不会发送回调字段，只要我能告诉。

I was thinking it possible that JSONP is required to read the response back, and without that FineUploader doesn't know what is going on. However, FineUploader doesn't send a callback field as far as I can tell.

任何想法？很高兴澄清。以下是飞行前请求，响应和POST无限期挂起的示例。

Any ideas? Happy to clarify. Below is an example of the pre-flight request, response and POST that hangs indefinitely.

Ryan

REQUEST ACCORDING TO PROXY:
Referer: http://example.com/?folder=TestFolder&id=1051&jobname=Test
Cache-Control: no-cache
Connection: keep-alive
Origin: http://example.com
Accept-Language: en-US,en;q=0.8
Accept: */*
Content-Length: 51729
Host: upload.example.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryxBA8idxO6Luv7Ipc
Accept-Encoding: gzip,deflate,sdch
X-Requested-With: XMLHttpRequest

RESPONSE ACCORDING TO PROXY, RETURN CODE 200:
Date: Fri, 24 Jan 2014 19:14:38 GMT
Server: Apache
Content-Type: text/plain
Connection: Keep-Alive
MS-Author-Via: DAV
Access-Control-Allow-Origin: *
X-Powered-By: PHP/5.3.15
Content-Length: 88
Keep-Alive: timeout=15, max=99

RESPONSE TEXT ACCORDING TO PROXY:
{"success":true,"uuid":"f0365869-312b-4080-bc30-1792e24fe366","uploadName":"image1.jpg"}

POSTED DATA:
------WebKitFormBoundaryxBA8idxO6Luv7Ipc
Content-Disposition: form-data; name="qquuid"

f0365869-312b-4080-bc30-1792e24fe366
------WebKitFormBoundaryxBA8idxO6Luv7Ipc
Content-Disposition: form-data; name="qqfilename"

image1.jpg
------WebKitFormBoundaryxBA8idxO6Luv7Ipc
Content-Disposition: form-data; name="qqtotalfilesize"

51200
------WebKitFormBoundaryxBA8idxO6Luv7Ipc
Content-Disposition: form-data; name="qqfile"; filename="image1.jpg"
Content-Type: image/jpeg

{binary data}
------WebKitFormBoundaryxBA8idxO6Luv7Ipc--

推荐答案

由于看起来您正在发送凭据，请设置 Access -Control-Allow-Origin 标题到请求的来源（显然不是一个好主意的生产），而不是'*'。

Since it looks like you are sending credentials, set the Access-Control-Allow-Origin header to the origin of the request (obviously not a good idea for production) rather than '*'.

如果您在精品上传器中没有 sendCredentials 设置为 true ，则可以使用通配符 Access-Control-Allow-Origin 。

If you did not have sendCredentials set as true in Fine Uploader, then you could have a wildcard Access-Control-Allow-Origin.

根据 MDN ：

[...]当响应具有凭证的请求时，服务器必须指定一个域，并且不能使用通配符。上面的例子将失败，如果标题通配符为：Access-Control-Allow-Origin：*。

[...] when responding to a credentialed request, server must specify a domain, and cannot use wild carding. The above example would fail if the header was wildcarded as: Access-Control-Allow-Origin: *.

answer： CORS：当凭据标志为真时，不能在Access-Control-Allow-Origin中使用通配符

这篇关于FineUploader CORS选择性工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！