Chrome说没有“ Access-Control-Allow-Origin”标头，但标头在那里 [英] Chrome saying No 'Access-Control-Allow-Origin' header, but the header is there

问题描述

这个问题已经在stackoverflow中被提到过十次了，但是我有一个不同的问题。

This issue is mentioned in stackoverflow a dozen times already, but I have a different issue.

Chrome首先调用 OPTIONS来获取标题。如您所见，正确的标题在那里。

Chrome first makes an "OPTIONS" call to get the headers. As you can see, the correct headers are there.

出于某种原因，Chrome不会注意到标头，并且会以与未标头相同的方式取消实际请求

For some reason, Chrome doesn't notice the header and cancels the actual request in the same manner that it would if the header wasn't there at all.

页面实际上打了三个电话，奇怪的是，其中一个起作用。

The page actually makes three calls and curiously, one of them works.

问题是，当标头确实存在时，为什么Chrome不尊重标头？我该怎么做才能调试它？

So the question is, when the header really is there, why does Chrome not respect it? What could I do to debug it?

更新

我尝试添加 Access-Control-Allow-Methods ，因此现在来自OPTIONS调用的标头响应包括以下响应标头：

I tried adding Access-Control-Allow-Methods so now the header response from the OPTIONS call includes these response headers:

Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods:POST, GET, OPTIONS
Access-Control-Allow-Origin:*

结果是相同的。

在服务器端设置标头

我为每个请求在服务器端设置标头（在全局.asax.cs Application_BeginRequest）

I set the headers on the serverside on every request (in Global.asax.cs Application_BeginRequest)

Response.Headers.Add("Access-Control-Allow-Origin", "*");
Response.Headers.Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
Response.Headers.Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS");

与Fiddler调查后

我查看了原始请求和响应，发现了一些令人惊讶的东西：该错误是来自应用程序的简单HTTP 500错误。可能是因为HTTP 500错误未包含正确的标题，Chrome不会显示返回的错误，而是显示与标题相关的错误。

I looked through the raw request and response and found something surprising: The error is a simple HTTP 500 error from the application. Likely because the HTTP 500 error does not contain the right headers, Chrome doesn't show the returned error but instead shows the header related error.

答案

因此，总之，如果Chrome给出没有'Access-Control-Allow-Origin'标头可能实际上掩盖了HTTP 500错误。可以通过在Fiddler中检查请求和响应来确定。

So in conclusion, if Chrome gives says No 'Access-Control-Allow-Origin' header it might actually cover up a HTTP 500 error. This can be determined by checking request and response in Fiddler.

推荐答案

如果Chrome显示否'Access- Control-Allow-Origin'标头，它实际上可能掩盖了HTTP 500错误。可以通过在Fiddler中检查请求和响应来确定。

If Chrome says No 'Access-Control-Allow-Origin' header it might actually cover up a HTTP 500 error. This can be determined by checking request and response in Fiddler.

这篇关于Chrome说没有“ Access-Control-Allow-Origin”标头，但标头在那里的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！