Duplicate Access-Control-Allow-Origin: * 导致 COR 错误? [英] Duplicate Access-Control-Allow-Origin: * causing COR error?
问题描述
从客户的 web api 调用 rest api,它返回重复的 Access-Control-Allow-Origin: * 并导致 COR 错误.
我在本地进行了测试,重复项确实会导致错误,而单个 Access-Control-Allow-Origin: * 有效.
在调用 GET 时,我这边有没有办法解决这个问题?
HTTP/1.1 200 OK日期:2012 年 11 月 28 日,星期三 19:40:10 GMT服务器:Microsoft-IIS/6.0X-Powered-By: ASP.NET访问控制允许来源:*访问控制允许来源:*设置-Cookie:TargetToken=AB3Hirk0TNDPCfVY6LZd1Fs1;到期日 = 2014 年 11 月 28 日星期五 19:40:10 G11T;路径=/;仅Http缓存控制:无缓存编译指示:无缓存过期时间:-1内容类型:应用程序/xml;字符集=utf-8内容长度:590
<块引用>
XMLHttpRequest 无法加载 http://target.com/api/getstuff?stuffid=4一>.来源 http://mysite.com 不允许访问控制允许来源.
CORS 规范明确规定不允许使用多个 Access-Control-Allow-Origin 标头:http://www.w3.org/TR/cors/#resource-sharing-check-0
有什么方法可以说服客户修复他们的服务器实现吗?
Calling a rest api from a customer's web api and it's returning duplicate Access-Control-Allow-Origin: * and it causing COR errors.
I've tested locally and the duplicate does cause the error whereas a single Access-Control-Allow-Origin: * works.
Is there a way around this from my side when calling the GET?
HTTP/1.1 200 OK
Date: Wed, 28 Nov 2012 19:40:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: *
Set-Cookie: TargetToken=AB3Hirk0TNDPCfVY6LZd1Fs1; Expires=Fri, 28-Nov-2014 19:40:10 G11T; Path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/xml; charset=utf-8
Content-Length: 590
XMLHttpRequest cannot load http://target.com/api/getstuff?stuffid=4. Origin http://mysite.com is not allowed by Access-Control-Allow-Origin.
The CORS spec explicitly states that multiple Access-Control-Allow-Origin headers are not allowed: http://www.w3.org/TR/cors/#resource-sharing-check-0
Is there any way to convince the client to fix their server implementation?
这篇关于Duplicate Access-Control-Allow-Origin: * 导致 COR 错误?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!