CORS当使用curl测试时,HTTP OPTIONS请求的原始不一致 [英] CORS Origin inconsistency on HTTP OPTIONS request when testing with curl
问题描述
在测试CORS能力的端点时,我很好奇,如果有人可以使用curl解释结果中的以下差异:
In testing out an endpoint for CORS capability and I'm curious if someone can explain the following difference in results while using curl:
首先,我尝试了以下:
$ curl -i https://api.github.com -H "Origin: http://github.com" -X OPTIONS
这导致成功的响应给我
其次,我尝试过:
$ curl -i https://api.github.com -H "Origin: http://jamesdh.github.com" -X OPTIONS
这导致了500错误。唯一的改变是在初始请求中传递的Origin标头。
Which resulted in a 500 error. The only thing changed being the Origin header passed in the initial request.
忽略我的CORS无知,但大多数服务器并不反映访问控制-Allow-Origin响应头?为什么GitHub与一个正常工作,然后在另一个上爆炸?
Pardon my CORS ignorance, but don't most servers just reflect the Origin path in the Access-Control-Allow-Origin response header? Why would GitHub work correctly with one, and then blow up on the other?
推荐答案
显然对于CORS请求,域必须首先注册为具有GitHub的OAuth应用程序。从他们的文档 http://developer.github.com/v3/#cross -origin-resource-sharing 我刚刚捕获到以下内容:
Apparently for CORS requests, the domain must be registered as an OAuth application with GitHub first. From their docs at http://developer.github.com/v3/#cross-origin-resource-sharing I just caught the following:
注册为OAuth应用程序的任何域都被接受。这里是一个例子...
Any domain that is registered as an OAuth Application is accepted. Here’s a sample...
如果他们强调一点,肯定会很好!在创建将所需的GitHub网页网址用作域/回调网址的OAuth应用后,此功能现在可正常工作!
It sure would be nice if they emphasized that a bit more! After creating an OAuth application that uses the desired GitHub Page URL as a domain/callback URL, this is now working as expected!
这篇关于CORS当使用curl测试时,HTTP OPTIONS请求的原始不一致的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
