Chrome跨域PATCH请求不起作用 [英] Chrome Cross-Domain PATCH request not working

问题描述

我有一个带有REST Api的网站，现在我正在创建一个浏览器扩展，它将从某些页面收集数据并将其发送回REST Api.因为我希望自己的扩展程序与firefox和chrome兼容，并且易于维护，所以我将实际代码作为脚本标签注入到页面中，然后像普通的javascript一样执行.我目前仅在Chrome版本的扩展程序上工作，遇到了一个问题:

I have a website with REST Api and now I´m creating a browser extension, which will collect data from some pages and send them back to the REST Api. Because I want my extension to be compatible with both firefox and chrome, and to be easily maintainable, I´m injecting the actual code into page as a script tag, which is then executed like normal javascript. I´m currently working only on chrome version of the extension and I´ve run into a problem:

当我尝试将数据发送到api(PATCH请求)时，chrome不会让我说:

When I´m trying to send my data to the api (PATCH request), chrome won´t let me saying:

XMLHttpRequest无法加载 http://my.rest/api .Access-Control-Allow-Origin不允许起源 http://website.com .

XMLHttpRequest cannot load http://my.rest/api. Origin http://website.com is not allowed by Access-Control-Allow-Origin.

我将Access-Control-Allow-Header，Methods和Origin都设置为适当的值，但是仍然无法正常工作.不过，它可以处理GET请求.我也尝试过POST和PUT请求，但是它们也不起作用.

I have the Access-Control-Allow-Headers, Methods and Origin all set to proper values, but it still doesn´t work. It works with GET requests though. I´ve also tried POST and PUT request but those don´t work either.

这是我的标题:

请求:

OPTIONS /some/api/path HTTP/1.1
Host: my.rest
Connection: keep-alive
Access-Control-Request-Method: PATCH
Origin: http://website.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
X-FireLogger: 1.1
Access-Control-Request-Headers: accept, x-http-auth-user, x-http-auth-token, origin, content-type
Accept: */*
Referer: http://website.com/index.php
Accept-Encoding: gzip,deflate,sdch
Accept-Language: cs-CZ,cs;q=0.8

响应:

Access-Control-Allow-Headers:accept, x-http-auth-user, x-http-auth-token, origin, content-type
Access-Control-Allow-Methods:PATCH
Access-Control-Allow-Origin:*
Connection:Keep-Alive
Content-Type:text/html; charset=utf-8
Date:Thu, 04 Jul 2013 10:50:08 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.2 (Win64) PHP/5.4.3
X-Frame-Options:SAMEORIGIN
X-Powered-By:Nette Framework

我还尝试将Access-Control-Allow-Origin设置为与Origin标头完全相同的值，但是没有用.此外，它似乎可以在Firefox中运行.我有Chrome 27，应该是最新的.

I´ve also tried setting Access-Control-Allow-Origin to exactly same value as Origin header, but it didn´t work. Furthemore it seems to be working in Firefox. I have Chrome 27, which should be up-to-date.

推荐答案

我在带有CORS的 node.js 中遇到了类似的问题

I face a similar problem in node.js with CORS

您需要将 Access-Control-Allow-Origin 设置为特定域而不是通配符.

You need to set the Access-Control-Allow-Origin to the specific domain not a wildcard.

示例:访问控制允许来源到 http://website.com

(您可以在服务器上允许一系列起源，然后检查反对该请求(如果允许的话)，然后用那个回答的通配符.)

(You can have on your server an array of origins allowed and check against the request if it is allowed then answer with that one instead of wildcards.)

此外，您可以将 Access-Control-Allow-Methods 标头设置为选项列表，例如:

Also, you can set the Access-Control-Allow-Methods headers to a list of options like:

POST, GET, OPTIONS, DELETE, PUT

这篇关于Chrome跨域PATCH请求不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！