为什么CORS请求在Microsoft Edge中失败但在其他浏览器中可以工作? [英] Why are CORS requests failing in Microsoft Edge but working in other browsers?
问题描述
我正在使用jQuery发送跨源ajax请求,它们在IE11,Chrome和Firefox中运行正常,但在Edge中失败,并出现以下错误:
I'm using jQuery to send cross origin ajax requests and they're working fine in IE11, Chrome and Firefox but they fail in Edge with the following error:
SCRIPT7002:XMLHttpRequest:网络错误0x80070005,访问权限为 否认.
SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.
有趣的是,我使用Fiddler试图弄清发生了什么,以及Fiddler运行和捕获请求时一切正常.一旦我关闭Fiddler或暂停捕获,它就会再次失败.
What's interesting is that I used Fiddler to try to figure out what was going on and when Fiddler is running and capturing requests everything works fine. As soon as I close Fiddler or pause capture it fails again.
该站点正在我的本地计算机(webpack-dev-server)上运行,并通过本地网络向WebAPI服务发出请求.
The site is running on my local machine (webpack-dev-server) making requests across the local network to a WebAPI service.
我的主机文件设置如下:
My hosts file is set up like this:
127.0.0.1 local.myapp.test
192.168.0.111 api.myapp.test
在生产中应该不会有问题,因为站点和API将托管在同一个地方,但是对于开发和测试来说是无价的.
It shouldn't be a problem in production as the site and API will be hosted in the same place but it's invaluable for development and testing.
更新:
感谢Eric Law,我现在知道为什么启用Fiddler时其行为会有所不同-Edge切换到本地Intranet区域是因为Fiddler进行了代理设置更改,并且Intranet区域的安全级别较低.
Thanks to Eric Law I now know why it was behaving differently with Fiddler enabled - Edge was switching to Local Intranet zone because of the proxy settings change Fiddler makes and the intranet zone has a lower security level.
我将把本地Intranet区域的安全级别提高到中-高,以匹配Internet区域,然后使用Fiddler尝试弄清Edge对CORS请求感到不安的原因.
I'm going to bump the Local intranet zone security level up to Medium-High to match the Internet zone and then use Fiddler to try to work out why Edge is upset about the CORS request.
推荐答案
我将逐字列出Fiddler论坛上的Eric Lawrence(Fiddler的创建者)所提供的答案:
I'll include below, verbatim, the answers that Eric Lawrence (creator of Fiddler) kindly provided on the Fiddler forum:
One possibility is that your computer is configured with an Intranet zone and that Intranet zone is dependent on a proxy configuration script: http://blogs.msdn.com/b/ieinternals/archive/2012/06/05/the-local-intranet-security-zone.aspx. When Fiddler is running, the proxy settings are pointed at Fiddler itself.
...如果您将Intranet站点用作Internet区域站点中XHR的目标,则还有另一个因素在起作用.
... there's another factor at work here if you're using an Intranet site as the target of an XHR from a site in the Internet zone.
Edge在增强保护模式(AppContainer)中运行.该功能具有阻止从Internet区域进程访问专用网络资源的功能.请参阅
Edge runs in Enhanced Protected Mode (AppContainer). That has a feature which blocks access to Private Network Resources from Internet-Zone processes. See the "Private Network resources" section of http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-metro-desktop.aspx for more details.
我在Internet选项的本地Intranet"区域中添加了local.myapp.test(运行SPA的URL),现在Edge不需要Fiddler了.
I added local.myapp.test (the URL I'm running my SPA from) to the Local Intranet zone in Internet Options and now Edge is happy without the need for Fiddler.
这篇关于为什么CORS请求在Microsoft Edge中失败但在其他浏览器中可以工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
