请求标头不存在于Access-Control-Allow-Headers列表中 [英] Request header was not present in the Access-Control-Allow-Headers list

问题描述

在我的API中，我有以下代码:

In my API, I have the following code:

public class CustomOAuthProvider : OAuthAuthorizationServerProvider
{

    public override Task MatchEndpoint(OAuthMatchEndpointContext context)
    {
        if (context.OwinContext.Request.Method == "OPTIONS" && context.IsTokenEndpoint)
        {
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "POST" });
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Headers", 
                new[] { 
                    "access-control-allow-origin", 
                    "accept", 
                    "x-api-applicationid", 
                    "content-type", 
                    "authorization" 
                });
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
            context.OwinContext.Response.StatusCode = (int)HttpStatusCode.OK;

            context.RequestCompleted();

            return Task.FromResult<object>(null);
        }

        return base.MatchEndpoint(context);
    }

    // ... even more code, but not relevant

}

当我从Chrome浏览器连接到此API时，一切正常.当我从同一台计算机连接到相同的API，但仅从不同的浏览器Internet Explorer 11连接时，出现以下错误:

When I connect to this API from Chrome, everything works perfect. When I connect from the same computer to the same API, but only from a different browser, Internet Explorer 11, I get the following error:

SEC7123:请求标头x-api-applicationid不存在于 访问控制允许标题列表.

SEC7123: Request header x-api-applicationid was not present in the Access-Control-Allow-Headers list.

我调试了代码，然后看到标头已添加到响应中.甚至IE都显示标题:

I debugged the code, and I see the headers are added to the response. Even IE shows the headers:

IE期望什么?

更新

如果我从

new[] { 
    "access-control-allow-origin", 
    "accept", 
    "x-api-applicationid", 
    "content-type", 
    "authorization" 
}

收件人:

new[] { 
    "content-type",
    "accept",
    "access-control-allow-origin",
    "x-api-applicationid", 
    "authorization" 
}

错误消息更改为:

SEC7123:请求标头 access-control-allow-origin 不存在 访问控制允许标题列表.

SEC7123: Request header access-control-allow-origin was not present in the Access-Control-Allow-Headers list.

因此，它总是在第三个标头上给出错误.

So it always gives an error on the third header.

推荐答案

我找到了一段代码

I've found a piece of code here which fixed it for me.

//Startup.cs
public void ConfigureOAuth(IAppBuilder app)
{
    app.Use(async (context, next) =>
    {
        IOwinRequest req = context.Request;
        IOwinResponse res = context.Response;
        if (req.Path.StartsWithSegments(new PathString("/oauth2/token")))
        {
            var origin = req.Headers.Get("Origin");
            if (!string.IsNullOrEmpty(origin))
            {
                res.Headers.Set("Access-Control-Allow-Origin", origin);
            }
            if (req.Method == "OPTIONS")
            {
                res.StatusCode = 200;
                res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Methods", "GET", "POST");
                res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Headers", "authorization", "content-type", "x-api-applicationid", "access-control-allow-origin");
                return;
            }
        }
        await next();
    });

    // rest of owin Oauth config
}

我从CustomOAuthProvider.cs中删除了MatchEndpoint方法

I removed the MatchEndpoint method from my CustomOAuthProvider.cs

这篇关于请求标头不存在于Access-Control-Allow-Headers列表中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！