iOS11在所有移动浏览器中导致CORS问题 [英] iOS11 causing CORS Issues in all mobile browsers

问题描述

我们在使用iOS11的iOS设备上测试我们的网站，并注意到它正在破坏，因为浏览器不会接受来自我们API的响应。使用远程调试器，我们能够确定我们收到了CORS权限错误，并且正在剥离响应正文和HTTP标头。这似乎发生在所有移动iOS浏览器（Chrome / Safari）上，并且即使在我将CORS响应标头更改为通配符值之后仍然会出现这种情况。但是，iOS的每个其他浏览器/操作系统/版本都运行良好。我已经附加了来自api的网络响应，api的响应头以及我们从控制台获得的错误。可以通过以下网址测试此问题

解决方案

我们在域A上托管的表单有类似的情况，并将数据发布到域B上的API。
来自的POST请求来自域A包含与域B无关的标题x-api-key

对API的预检OPTIONS请求的响应包含标题

• Access-Control-Allow-Origin： https：// domainA


• Access-Control-A llow-Headers：*


• Access-Control-Allow-Methods：*

适用于所有浏览器，除了iOS上的浏览器。
我们最终发现，为Access-Control-Allow-Headers指定外卡*
对iOS浏览器不起作用。在对OPTIONS请求的响应中，您需要指定POST请求中存在的所有标头，即使某些标头与域B上的服务器无关。
只有这样iOS才会发送POST请求。 / p>

将响应标题更改为

• Access-Control-Allow-Headers：Accept ，Content-Type，X-Requested-With，x-api-key

做到了（即使标题为x-api-密钥未在服务器B上处理。

We were testing our website on iOS devices with iOS11, and noticed that it was breaking, as the browser would not accept responses from our API. Using the remote debugger, we were able to determine that we were getting a CORS permission error, and the response body and HTTP Headers were being stripped. This seemed to be occuring on all mobile iOS browsers (Chrome/Safari), and continued to occur even after I changed the CORS reponse header to a wildcard value. However, every other browser/OS/version of iOS is working perfectly. I h ave attached the network response from our api, the response headers for our api, and the error we are getting from the console . This issue can be tested at the following url https://demo2.lifespeak.com/Share.aspx?key=ccb0b4a2-d041-426d-ac3b-c9472379613e--language-1--vid-19--cid-121 by comparing the result in iOS11 and other browsers

Is there something about iOS11 that might be causing this, or failing that, is there any way I can get further diagnostics?

解决方案

We had a similar situation with a form hosted on domain A and posting the data to an API on domain B. The POST request from domain A contained the header "x-api-key" that is not relevant for domain B

The response to the preflight OPTIONS request to the API contained the headers

• Access-Control-Allow-Origin:https://domainA
• Access-Control-Allow-Headers:*
• Access-Control-Allow-Methods:*

That worked fine for all browsers except those on iOS. As we finally found out, specifying the wild card * for Access-Control-Allow-Headers does not work for iOS browsers. In the response to the OPTIONS request you need to specify all the headers that are present in the POST request, even if some headers are not relevant for the server on domain B. Only then will iOS send the POST request.

Changing the response header to

• Access-Control-Allow-Headers:Accept,Content-Type,X-Requested-With,x-api-key

did it (even if the header x-api-key is not processed on server B)

这篇关于iOS11在所有移动浏览器中导致CORS问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！