请求标头不存在于Access-Control-Allow-Headers列表中 [英] Request header was not present in the Access-Control-Allow-Headers list
问题描述
在我的API中,我有以下代码:
In my API, I have the following code:
public class CustomOAuthProvider : OAuthAuthorizationServerProvider
{
public override Task MatchEndpoint(OAuthMatchEndpointContext context)
{
if (context.OwinContext.Request.Method == "OPTIONS" && context.IsTokenEndpoint)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "POST" });
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Headers",
new[] {
"access-control-allow-origin",
"accept",
"x-api-applicationid",
"content-type",
"authorization"
});
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
context.OwinContext.Response.StatusCode = (int)HttpStatusCode.OK;
context.RequestCompleted();
return Task.FromResult<object>(null);
}
return base.MatchEndpoint(context);
}
// ... even more code, but not relevant
}
当我从Chrome浏览器连接到此API时,一切正常.当我从同一台计算机连接到相同的API,但仅从不同的浏览器Internet Explorer 11连接时,出现以下错误:
When I connect to this API from Chrome, everything works perfect. When I connect from the same computer to the same API, but only from a different browser, Internet Explorer 11, I get the following error:
SEC7123:请求标头x-api-applicationid不存在于 访问控制允许标题列表.
SEC7123: Request header x-api-applicationid was not present in the Access-Control-Allow-Headers list.
我调试了代码,然后看到标头已添加到响应中.甚至IE都显示标题:
I debugged the code, and I see the headers are added to the response. Even IE shows the headers:
IE期望什么?
更新
如果我从
new[] {
"access-control-allow-origin",
"accept",
"x-api-applicationid",
"content-type",
"authorization"
}
收件人:
new[] {
"content-type",
"accept",
"access-control-allow-origin",
"x-api-applicationid",
"authorization"
}
错误消息更改为:
SEC7123:请求标头 access-control-allow-origin 不存在 访问控制允许标题列表.
SEC7123: Request header access-control-allow-origin was not present in the Access-Control-Allow-Headers list.
因此,它总是在第三个标头上给出错误.
So it always gives an error on the third header.
推荐答案
I've found a piece of code here which fixed it for me.
//Startup.cs
public void ConfigureOAuth(IAppBuilder app)
{
app.Use(async (context, next) =>
{
IOwinRequest req = context.Request;
IOwinResponse res = context.Response;
if (req.Path.StartsWithSegments(new PathString("/oauth2/token")))
{
var origin = req.Headers.Get("Origin");
if (!string.IsNullOrEmpty(origin))
{
res.Headers.Set("Access-Control-Allow-Origin", origin);
}
if (req.Method == "OPTIONS")
{
res.StatusCode = 200;
res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Methods", "GET", "POST");
res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Headers", "authorization", "content-type", "x-api-applicationid", "access-control-allow-origin");
return;
}
}
await next();
});
// rest of owin Oauth config
}
我从CustomOAuthProvider.cs中删除了MatchEndpoint
方法
I removed the MatchEndpoint
method from my CustomOAuthProvider.cs
这篇关于请求标头不存在于Access-Control-Allow-Headers列表中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!