Access-Control-Allow-Methods和Microsoft Edge,可与Firefox和Chrome一起使用 [英] Access-Control-Allow-Methods and Microsoft Edge, works with Firefox and Chrome
问题描述
我正在使用超级代理对我的WebApi后端执行DELETE
调用.
I'm using superagent to execute a DELETE
call to my WebApi backend.
飞行前呼叫说Access-Control-Allow-Methods
是*, GET, POST, PUT, DELETE, OPTIONS
.使用方法DELETE
在Firefox和Chrome中可以正常工作,但不能在Edge中使用(可能与IE相同吗?).
The pre-flight call says that the Access-Control-Allow-Methods
are *, GET, POST, PUT, DELETE, OPTIONS
. Using the method DELETE
works fine in Firefox and Chrome, but not Edge (maybe the same with IE?).
我的控制台出现此错误:
Im getting this error in my console:
SEC7124:在Access-Control-Allow-Methods列表中不存在请求方法DELETE.
SEC7124: Request method DELETE was not present in the Access-Control-Allow-Methods list.
对它的预检调用在Edge的dev-tools中返回与在Chrome和Firefox中相同的结果.服务器正在运行CORS.
The preflight call for it returns the same in dev-tools for Edge as for Chrome and Firefox. The server is running CORS.
推荐答案
显然,尽管在CORS和HTTP规范中语法上有效,Edge还是拒绝*
作为Access-Control-Allow-Methods
的值.但是请注意,*
作为Access-Control-Allow-Methods
中的通配符,不是具有语义上的意义.它从字面上指的是具有单个字符名称*
的HTTP方法.除非您的服务器实际上期望使用称为*
的HTTP方法,否则没有理由包括此方法名称.
Apparently Edge rejects *
as a value for Access-Control-Allow-Methods
, despite it being grammatically valid under the CORS and HTTP specifications. Note, however, that *
does not have semantic significance as a wildcard in Access-Control-Allow-Methods
. It literally refers to an HTTP method with the single-character name *
. Unless your server actually expects an HTTP method called *
, there is no reason to include this method name.
从列表中删除*
,以使您的请求在Edge上正常工作.
Remove the *
from the list to make your request work on Edge.
这篇关于Access-Control-Allow-Methods和Microsoft Edge,可与Firefox和Chrome一起使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!