"CORS标头"Access-Control-Allow-Origin"不匹配",错误的"Access-Control-Allow-Origin"在响应标题中 [英] "CORS header ‘Access-Control-Allow-Origin’ does not match", incorrect "Access-Control-Allow-Origin" in Response Header

查看:780
本文介绍了"CORS标头"Access-Control-Allow-Origin"不匹配",错误的"Access-Control-Allow-Origin"在响应标题中的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们在IIS上托管了一个多租户Web应用程序,带有两个标头(SiteA和SiteB).该应用程序在客户端使用Autodesk Forge Viewer.一切正常,直到上周才开始发生: 当使用URL" http://www.siteA.com 浏览应用程序时,它可以正常工作.现在,如果我们在另一个选项卡中使用URL" http://www.siteB.com "浏览同一应用程序,无法加载,我们在调试中遇到两个错误:

跨域请求被阻止:同源起源"策略不允许读取 http://www.siteA.com ').

跨域请求被阻止:同源起源"策略不允许读取 http://www.siteA.com ').

错误提示

,尽管呼叫的Request头中的Origin是" http://www.siteB.com ",响应标头中返回的"Access-Control-Allow-Origin"是" http://www. siteA.com "!

现在,如果有人(或使用其他浏览器)进行了相同的操作,但以其他方式(首先是站点B,然后是A),我们使站点B正常运行,但站点A给出了错误的响应头,并显示了错误.

有人遇到过这样的问题吗?这是CDN缓存问题,是否更新了任何可能的Autodesk Forge CDN服务器? 任何指导我正确方向的帮助将不胜感激.

谢谢

解决方案

我正在经历完全相同的行为.在我们的例子中,这是2个不同的站点,具有2个完全不同的域.

我们正在使用这些网址来加载脚本和CSS

https://developer.api .autodesk.com/modelderivative/v2/viewers/7.*/viewer3D.min.js https://developer.api.autodesk. com/modelderivative/v2/viewers/7.*/style.min.css

我已经在最新的Chrome/Firefox浏览器中对其进行了测试,并且在两种浏览器中都收到了错误消息.

我做了什么:

  • 访问站点A =>一切正常
  • 访问网站B =>不起作用
  • 重置站点B上的缓存=>一切正常
  • 访问站点A =>无法正常工作

因此,从CDN加载脚本的第一个站点是"Winner",并且该站点按预期工作.

我还通过访问以下网址对其进行了测试: https://sample-collection. s3.amazonaws.com/advanced.html

此后,我打开开发网站并收到此错误:

在以下位置访问XMLHttpRequest 'https://developer.api.autodesk.com/modelderivative/v2/viewers/7.*/lmvworker.min.js' 来自来源"https://dev-bdh-project-sharing-management.bdh.nl"具有 被CORS策略阻止:"Access-Control-Allow-Origin"标头 的值"https://sample-collection.s3.amazonaws.com"不是 等于提供的原点.

We have a multi-tenant web application hosted on IIS with two headers (SiteA and SiteB). The application uses Autodesk Forge Viewer on the client side. Everything was working fine until last week which this started happening: when browsing the application with url "http://www.siteA.com" it works fine. now if we browse same application using url "http://www.siteB.com" in another tab the viewer does not load and we have two errors in the debug:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://developer.api.autodesk.com/viewingservice/v1/viewers/6.2.3/lmvworker.min.js. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘http://www.siteA.com’).

and

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://developer.api.autodesk.com/viewingservice/v1/viewers/6.2.3/res/locales/en/allstrings.json. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘http://www.siteA.com’).

as the error suggests although the Origin in the Request header of the call is "http://www.siteB.com" the returning "Access-Control-Allow-Origin" in the response header is "http://www.siteA.com" !

now if someone else (or using another browser) we do the same but other way (first site B then A) we have site B working fine but site A giving the error with wrong response header.

Has anyone ever had such problem? is this a CDN cache issue with any possible Autodesk Forge CDN servers updated? Any help to guide me in the right direction will be appreciated.

Thanks

解决方案

I am experiencing the exact same behaviour. In our case it are 2 different sites with 2 complete different domains.

We are using these url's for loading script and CSS

https://developer.api.autodesk.com/modelderivative/v2/viewers/7.*/viewer3D.min.js https://developer.api.autodesk.com/modelderivative/v2/viewers/7.*/style.min.css

I have tested it in the latest Chrome / Firefox and in both browsers I get the error.

What I did:

  • Visit site A => Everything works fine
  • Visit site B => Not working
  • Reset cache on site B => Everythings works
  • Visit site A => Not working

So the first site which loads the scripts from the CDN is the 'Winner' and that site works as expected.

I've tested it also by visiting: https://sample-collection.s3.amazonaws.com/advanced.html

After that I opened my development website and got this error:

Access to XMLHttpRequest at 'https://developer.api.autodesk.com/modelderivative/v2/viewers/7.*/lmvworker.min.js' from origin 'https://dev-bdh-project-sharing-management.bdh.nl' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://sample-collection.s3.amazonaws.com' that is not equal to the supplied origin.

这篇关于"CORS标头"Access-Control-Allow-Origin"不匹配",错误的"Access-Control-Allow-Origin"在响应标题中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆