"CORS header ‘Access-Control-Allow-Origin’ does not match", incorrect "Access-Control-Allow-Origin" in Response Header


Problem description

We have a multi-tenant web application hosted on IIS with two headers (SiteA and SiteB). The application uses Autodesk Forge Viewer on the client side. Everything was working fine until last week, when this started happening: when browsing the application with the URL "http://www.siteA.com" it works fine. Now, if we browse the same application using the URL "http://www.siteB.com" in another tab, the viewer does not load and we have two errors in the debug:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://developer.api.autodesk.com/viewingservice/v1/viewers/6.2.3/lmvworker.min.js. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘http://www.siteA.com’).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://developer.api.autodesk.com/viewingservice/v1/viewers/6.2.3/res/locales/en/allstrings.json. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘http://www.siteA.com’).

As the error suggests, although the Origin in the request header of the call is "http://www.siteB.com", the returned "Access-Control-Allow-Origin" in the response header is "http://www.siteA.com"!

Now, if someone else (or we, using another browser) does the same but the other way round (first site B, then A), we have site B working fine but site A giving the error with the wrong response header.

Has anyone ever had such a problem? Is this a CDN cache issue with any possible Autodesk Forge CDN servers updated? Any help to guide me in the right direction will be appreciated.

Thanks

Recommended answer

I am experiencing the exact same behaviour. In our case it is 2 different sites with 2 completely different domains.

We are using these URLs for loading script and CSS:

https://developer.api.autodesk.com/modelderivative/v2/viewers/7.*/viewer3D.min.js
https://developer.api.autodesk.com/modelderivative/v2/viewers/7.*/style.min.css

I have tested it in the latest Chrome / Firefox and in both browsers I get the error.

What I did:

  • Visit site A => everything works
  • Visit site B => not working
  • Reset cache on site B => everything works
  • Visit site A => not working

So the first site which loads the scripts from the CDN is the 'Winner' and that site works as expected.

I also tested it by visiting: https://sample-collection.s3.amazonaws.com/advanced.html

After that I opened my development website and got this error:

Access to XMLHttpRequest at 'https://developer.api.autodesk.com/modelderivative/v2/viewers/7.*/lmvworker.min.js' from origin 'https://dev-bdh-project-sharing-management.bdh.nl' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://sample-collection.s3.amazonaws.com' that is not equal to the supplied origin.
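
One plausible mechanism for the "first site wins" behaviour reported in the question and the answer, as an added example that is not code from the original posts: it assumes the CDN reflects the request's Origin into Access-Control-Allow-Origin without sending `Vary: Origin`, so a URL-keyed cache reuses the first response for every origin. The placeholder URL, the function names and the cache model are constructed for illustration.

```javascript
// Constructed model: a URL-keyed HTTP cache in front of a server that echoes
// the request Origin into Access-Control-Allow-Origin (assumed behaviour).
const SITE_A = 'http://www.siteA.com';
const SITE_B = 'http://www.siteB.com';
const WORKER_URL = 'https://cdn.example/viewers/lmvworker.min.js'; // placeholder

// Hypothetical upstream: reflects Origin; optionally declares Vary: Origin.
function upstream(origin, sendVary) {
  const headers = { 'access-control-allow-origin': origin };
  if (sendVary) headers['vary'] = 'Origin';
  return { headers, body: '/* worker */' };
}

// Minimal cache: primary key is the URL; a stored Vary: Origin adds the
// request Origin as a secondary key, as an HTTP cache does.
function makeCache(sendVary) {
  const store = new Map();
  return function fetchVia(url, origin) {
    const entries = store.get(url) || [];
    const hit = entries.find(e => !e.varyOrigin || e.origin === origin);
    if (hit) return { ...hit.response, fromCache: true };
    const response = upstream(origin, sendVary);
    entries.push({ origin, varyOrigin: response.headers.vary === 'Origin', response });
    store.set(url, entries);
    return { ...response, fromCache: false };
  };
}

// The browser's CORS check: ACAO must be "*" or equal the page's origin.
function corsAllows(response, pageOrigin) {
  const acao = response.headers['access-control-allow-origin'];
  return acao === '*' || acao === pageOrigin;
}

// Visit site A first, then site B, and report what each tab sees.
function visitBoth(sendVary) {
  const fetchVia = makeCache(sendVary);
  const a = fetchVia(WORKER_URL, SITE_A);
  const b = fetchVia(WORKER_URL, SITE_B);
  return {
    siteA: corsAllows(a, SITE_A),
    siteB: corsAllows(b, SITE_B),
    siteBHeader: b.headers['access-control-allow-origin'],
    siteBFromCache: b.fromCache,
  };
}

console.log('without Vary:', visitBoth(false));
console.log('with Vary: Origin:', visitBoth(true));
```

To compare with a real deployment, inspect the response headers of the blocked request in the browser's network panel and check whether `Vary` lists `Origin` and whether the response was served from cache.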
