CORS POST请求不工作 - OPTIONS(错误请求) - 起源是不允许的 [英] CORS POST Requests not working - OPTIONS (Bad Request) - The origin is not allowed
问题描述
我有一个很大的麻烦跨域POST请求砸在了最新的Beta 2版本的API控制器。
I'm having a lot of trouble getting a cross domain POST request to hit an Api controller in the latest beta 2 release.
浏览器(和其他浏览器)吐了出来:
Chrome (and other browsers) spit out:
OPTIONS http://api.hybridwebapp.com/api/values 400 (Bad Request)
POST http://api.hybridwebapp.com/api/values 404 (Not Found)
这可能与这个问题,但我已应用的解决方法和其他一些修复,如网络的.config <一个href=\"http://stackoverflow.com/questions/12521499/cors-support-for-put-and-delete-with-asp-net-web-api\">additions这里
It may be related to this issue but I have applied that workaround and several other fixes such as web.config additions here
我一直在敲打我的头这一段时间,所以我创建了一个解决方案,以准确地重现该问题。
I've been banging my head with this for a while so I created a solution to reproduce the problem exactly.
加载Web应用程序将有2个按键一个GET一个POST和旁边的按键响应将出现。 GET作品。无法获取POST成功返回。
Load the web app there will be 2 buttons one for GET one for POST and the response will appear next to the button. GET works. Cannot get POST to return successfully.
我能够从提琴手事业得到暗示,但它是没有意义的,因为如果你看的响应,但包含在域接入控制研究允许来源标题:
I'm able to get a hint at the cause from Fiddler but it makes no sense because if you look at the response it DOES include the domain in the Access-Controll-Allow-Origin header:
有一个名为ConfigurationScreenshots与IIS配置的几张截图(网站绑定)和项目属性配置的解决方案的文件夹,使之尽可能容易帮助我:)
There is a folder in the solution called "ConfigurationScreenshots" with a few screenshots of the IIS configuration (website bindings) and Project properties configurations to make it as easy as possible to help me :)
编辑:不要忘了这个项目添加宿主文件(%SYSTEMROOT%\\ SYSTEM32 \\ drivers \\ etc下):
Don't forget to add this entry to host file (%SystemRoot%\system32\drivers\etc):
127.0.0.1 hybridwebapp.com api.hybridwebapp.com
*的状态:* 的看来,Chrome等浏览器的一些让我与POST进行,无论在OPTIONS响应(而其他如Firefox不)的错误信息。但我不认为解决。
*STATUS: * It seems that some browsers like Chrome allow me to proceed with the POST regardless of the error message in the OPTIONS response (while others like Firefox don't). But I don't consider that solved.
看那选项的菲德勒截图要求它有
Look at the Fidler screenshots of the OPTIONS request it has
访问控制允许来源: http://hybridwebapp.com
可是错误:
起源 http://hybridwebapp.com 是不允许的。
这是完全矛盾就好像它忽略了头。
That is completely contradictory it's as if it's ignoring the header.
推荐答案
好吧我过去,这。这一定是我一生中遇到的最奇怪的问题。以下是如何解决是:
Ok I got past this. This has got to be the strangest issue I've ever encountered. Here's how to "solve" it:
- 生活照常继续,直到的突然冲出没有在那里的OPTIONS请求到该域开始返回200 OK(而不是400错误的请求)和POST从未发生过(或者至少看起来像它doesn 'T因为浏览器吞下它)
- 实现了小提琴手的OPTIONS响应神秘包含访问控制允许-XXX副本。
- 尝试删除下面的语句从你的web.config即使你清楚地记得那个试图修复previous问题,它不工作:
- Continue on with life as usual until suddenly out of no where OPTIONS requests to this domain begin returning 200 OK (instead of 400 Bad Request) and POST never happens (or at least seems like it doesn't because the browser swallows it)
- Realize that Fiddler's OPTIONS response mysteriously contains duplicates for "Access-Control-Allow-XXX".
- Try removing the following statement from you web.config even though you clearly remember trying that to fix the previous issue and it not working:
删除此:
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<add name="Access-Control-Allow-Origin" value="http://mydomain.com" />
<add name="Access-Control-Allow-Headers" value="Accept, Content-Type, Origin" />
<add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
由于你已经有了这样的:
Because you already have this:
var enableCorsAttribute = new EnableCorsAttribute("http://mydomain.com",
"Origin, Content-Type, Accept",
"GET, PUT, POST, DELETE, OPTIONS");
config.EnableCors(enableCorsAttribute);
道德:你只需要一个
Moral: You only need one.
这篇关于CORS POST请求不工作 - OPTIONS(错误请求) - 起源是不允许的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
