问题在跨源资源共享this.withCredentials属性 [英] Issue in this.withCredentials attribute in Cross Origin Resource Sharing

问题描述

我们正在实施它使用在不同的域所承载的其他网络服务的AngularJS基础的应用。下面的脚本用于CORS和它完美的作品在Chrome和Firefox。它在IE9和身份验证时，Safari浏览器的问题。看来问题出在 withCredentials 属性，这些浏览器。是否有IE和Safari支持CORS任何其他方式？

 ＆LT;脚本类型=文/ JavaScript的＆GT;
     XMLHtt prequest.prototype.realSend = XMLHtt prequest.prototype.send;
     XMLHtt prequest.prototype.send =功能（VDATA）{
        this.withCredentials = TRUE;
        this.realSend.apply（这一点，参数）;
     };
＆LT; / SCRIPT＆GT;
 

解决方案

据我们尝试，我们可以想出以下总结了不同的方案。希望将是有益的。

1. 根据浏览器IE10规格+和Safari 4+版本
   支持XHR和withCredentials属性。


2. 表示可用于CORS而没有任何问题，因为在上述的脚本。


3. 有关，我们需要使用XDR其他版本的IE（9）。


4. URL重写mod没有成功与服务器端时，它
   涉及到HTTPS。

解决的办法很简单。默认情况下IE和Safari浏览器禁用了第三方的cookies。由于我们使用两个不同的领域，一旦用户输入凭据登录，这些浏览器无法保存该cookie。正因为如此，所有其他的要求是未经授权的。

允许步骤第三方的cookies

• IE 10 - Internet选项>隐私>高级>第三方Cookie>
  接受


• 野生动物园 - preferences>隐私>块饼干>从不

由于这个问题，我们发现，在AngularJS版本1.1.1+，他们已很容易在配置模块设置'withCredentials的价值（
$ httpProvider.defaults.withCredentials = TRUE;）

We are implementing an AngularJS based application which uses a rest web service hosted in a different domain. The following script is used for CORS and it works perfectly on Chrome and FireFox. It has an issue in IE9 and Safari when authenticating. It seems the issue is with the withCredentials attribute in those browsers. Is there any other way that IE and Safari supports CORS?

<script type="text/javascript">
     XMLHttpRequest.prototype.realSend = XMLHttpRequest.prototype.send;
     XMLHttpRequest.prototype.send = function(vData) {
        this.withCredentials = true;
        this.realSend.apply(this, arguments);
     };
</script>

解决方案

According to the different scenarios we tried we could come up with following summary. Hope that would be useful.

1. According to the browser specifications IE10+ and Safari 4+ versions supports XHR and withCredentials attribute.
2. That can be used for CORS without any issue as in the above script.
3. For other IE versions (9-) we need to use XDR.
4. URL rewrite mod was not successful with the server side when it comes to HTTPS.

The solution was very simple. By default IE and Safari have disabled the 3rd party cookies. Since we use two different domains once a user enters the credentials to login, those browsers were unable to save that cookie. Because of that all other requests were unauthorized.

Steps for allowing 3rd party cookies

• IE 10 - Internet Options > Privacy > Advanced > Third Party Cookies > Accept
• Safari - Preferences > Privacy > Block Cookies > Never

Due to this problem we found that in AngularJS version 1.1.1+ they have made it easy by setting the ‘withCredentials’ value in ‘config’ module ( $httpProvider.defaults.withCredentials = true;)

这篇关于问题在跨源资源共享this.withCredentials属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！