Internet Explorer 10 忽略 XMLHttpRequest 'xhr.withCredentials = true' [英] Internet Explorer 10 is ignoring XMLHttpRequest 'xhr.withCredentials = true'
问题描述
我目前在使用 IE10 进行跨域 ajax 调用时遇到问题(在 IE10 模式下,不兼容).
I’m currently having an issue with a cross-domain ajax call using IE10 (in IE10 mode, not compatibility).
情况:我有两个域,http://a
和 http://b
.我为 http://b
设置了一个 cookie.我目前在页面 http://a
.
Situation:
I have two domains, http://a
and http://b
. I have a cookie set for http://b
. I am currently on page http://a
.
我想使用 XMLHttpRequest 向 http://b
发出 CORS 请求(根据 http://blogs.msdn.com/b/ie/archive/2012/02/09/cors-for-xhr-in-ie10.aspx),并在请求中包含 cookie.JS如下:
I want to do a CORS request to http://b
using XMLHttpRequest (which should work, according to http://blogs.msdn.com/b/ie/archive/2012/02/09/cors-for-xhr-in-ie10.aspx), and include the cookie in the request.
The JS is as follows:
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://b', true);
xhr.withCredentials = true;
xhr.send();
这应该确保 cookie 附加到请求中;但是,Fiddler 跟踪显示未附加任何 cookie,并且我收到 401: Access Denied
.
This should ensure that the cookie is attached to the request; however, the Fiddler trace shows that no cookie is attached, and I get 401: Access Denied
.
服务器配置为使用 CORS,它包含访问控制标头:
The server is configured to work with CORS, it includes the Access-Control headers:
Access-Control-Allow-Origin: http://a
Access-Control-Allow-Credentials: true
(这应该没有任何区别,因为没有 OPTIONS 预检请求,并且 IE 发送的第一个请求是 GET,并且 cookie 不存在,因此导致 401).
(this should not make any difference, since there is no OPTIONS preflight request, and the first request IE sends is a GET, and the cookie is not present, thus causing a 401).
此外,JS 代码段在 Firefox 和 Opera 中都可以正常工作.
Furthermore, the JS snippet works fine in both Firefox and Opera.
推荐答案
这可能是同一个旧的 IE P3P 问题.使用 IE 的默认设置,如果设置的 cookie 没有 P3P 标头也出现在响应中,则 cookie 将被标记为仅限第一方".这意味着在第三方上下文中,例如 iframe 或 CORS 请求,IE 将拒绝发送 cookie.
It's probably the same old IE P3P issue. With IE's default settings, if a cookie is set without a P3P header also present in the response, the cookie is marked as "first-party only". Which means that in a third-party context, such as an iframe or a CORS request, IE will refuse to send the cookie.
要修复它,您需要在设置 cookie 时提供 P3P 标头.请参阅 http://msdn.microsoft.com/en-us/library/ms537343%28v=vs.85%29.aspx 了解详情.
To fix it, you need to supply a P3P header when setting the cookies. See http://msdn.microsoft.com/en-us/library/ms537343%28v=vs.85%29.aspx for details.
更新:链接现已失效,但您可以在 互联网档案馆
Update: Link is now dead, but you can see it at the Internet Archive
这篇关于Internet Explorer 10 忽略 XMLHttpRequest 'xhr.withCredentials = true'的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!