Access-Control-Allow-Methods和Microsoft Edge，可与Firefox和Chrome一起使用 [英] Access-Control-Allow-Methods and Microsoft Edge, works with Firefox and Chrome

问题描述

我正在使用超级代理对我的WebApi后端执行DELETE调用.

I'm using superagent to execute a DELETE call to my WebApi backend.

飞行前呼叫说Access-Control-Allow-Methods是*, GET, POST, PUT, DELETE, OPTIONS.使用方法DELETE在Firefox和Chrome中可以正常工作，但不能在Edge中使用(可能与IE相同吗?).

The pre-flight call says that the Access-Control-Allow-Methods are *, GET, POST, PUT, DELETE, OPTIONS. Using the method DELETE works fine in Firefox and Chrome, but not Edge (maybe the same with IE?).

我的控制台出现此错误:

Im getting this error in my console:

SEC7124:在Access-Control-Allow-Methods列表中不存在请求方法DELETE.

SEC7124: Request method DELETE was not present in the Access-Control-Allow-Methods list.

对它的预检调用在Edge的dev-tools中返回与在Chrome和Firefox中相同的结果.服务器正在运行CORS.

The preflight call for it returns the same in dev-tools for Edge as for Chrome and Firefox. The server is running CORS.

推荐答案

显然，尽管在CORS和HTTP规范中语法上有效，Edge还是拒绝*作为Access-Control-Allow-Methods的值.但是请注意，*作为Access-Control-Allow-Methods中的通配符，不是具有语义上的意义.它从字面上指的是具有单个字符名称*的HTTP方法.除非您的服务器实际上期望使用称为*的HTTP方法，否则没有理由包括此方法名称.

Apparently Edge rejects * as a value for Access-Control-Allow-Methods, despite it being grammatically valid under the CORS and HTTP specifications. Note, however, that * does not have semantic significance as a wildcard in Access-Control-Allow-Methods. It literally refers to an HTTP method with the single-character name *. Unless your server actually expects an HTTP method called *, there is no reason to include this method name.

从列表中删除*，以使您的请求在Edge上正常工作.

Remove the * from the list to make your request work on Edge.

这篇关于Access-Control-Allow-Methods和Microsoft Edge，可与Firefox和Chrome一起使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！